
Worm:Win32/Alcan.b [CLOSED]


  • This topic is locked

#1
TonV

    New Member

  • Member
  • 8 posts
Problem with Worm:Win32/Alcan.B virus

Followed steps:
1. Ran ATF cleaner
2. System Restore
3. Ran AVG Antispyware (Note: Seizes up when selecting Apply all Actions.)


Ran Microsoft Malicious Software Removal.
Results from Microsoft Malicious S.R.T.
  • Trojan Downloader:win32/Harrig.AB
  • Worm:win32/Alcan.B

Partially removed bad files.
Adaware found Alcan virus but freezes up when trying to fix???



Also AVG Antispyware found:
1. Worm:VB.an
2. Not-A-Virus.Exploit.
3. Trojan.Inject.mt
4. Adware.New Dot Net
Along with some other medium risk cookies. After running AVG Antispyware and selecting Apply All Actions the tool seized up. Had to reboot!!!



Hijack This Logfile:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:31 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intellica...px?animate=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {78D724DD-3545-4FFC-8237-02D6B1FBE925} - blank (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sally')
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Sally')
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Sally')
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe (User 'Sally')
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Sally')
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Sally')
O4 - HKUS\S-1-5-21-3543177180-1199276920-1508970038-1012\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (User 'Sally')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138755289796
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.sonypictu...itched/main.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...tupv2.0.0.9.cab?
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
O24 - Desktop Component 1: (no name) - http://www.leaningtreegolf.com/

--
End of file - 16586 bytes
#2
TonV

    New Member

  • Topic Starter
  • Member
  • 8 posts
Can someone help? Still not able to remove virus.

#3
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi TonV

welcome to geekstogo :)

sorry to keep you waiting. just for the future, if your log is overlooked then post in "The Waiting Room" part of this forum. that said, let's do a deeper scan of your machine for me to analyse.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

you may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk

#4
TonV

    New Member

  • Topic Starter
  • Member
  • 8 posts
Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-01-19 15:32:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
9: 2008-01-19 20:25:25 UTC - RP1175 - Deckard's System Scanner Restore Point
8: 2008-01-19 00:34:40 UTC - RP1174 - Made by Registry Mechanic
7: 2008-01-18 16:00:27 UTC - RP1173 - Made by Registry Mechanic
6: 2008-01-18 06:08:23 UTC - RP1172 - System Checkpoint
5: 2008-01-17 05:31:05 UTC - RP1171 - System Checkpoint


-- First Restore Point --
1: 2008-01-12 23:48:39 UTC - RP1167 - jan1208 restore point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:36 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intellica...px?animate=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {78D724DD-3545-4FFC-8237-02D6B1FBE925} - blank (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138755289796
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.sonypictu...itched/main.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnime...tupv2.0.0.9.cab?
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
O24 - Desktop Component 1: (no name) - http://www.leaningtreegolf.com/

--
End of file - 14014 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 FarStoneFireWallDrive - c:\windows\system32\drivers\fardrive.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 VRcore - c:\windows\system32\drivers\vrcore.sys <Not Verified; HAURI, Inc. 1998-2003; >
R3 VRFIL - c:\windows\system32\drivers\vrfil.sys <Not Verified; HAURI; VR Filter for Windows NT/2K/XP>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S2 FILESpy - c:\program files\softwin\bitdefender9\filespy.sys (file missing)
S2 REGSpy - c:\program files\softwin\bitdefender9\regspy.sys (file missing)
S3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 vrmonsvc (ViRobot Expert Monitoring) - c:\program files\pcsecurityshield\shieldantivirus\vrmonsvc.exe <Not Verified; HAURI; HAURI ViRobot Vrmonsvc>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SiS 7018 Audio Driver
Device ID: ROOT\MEDIA\0000
Manufacturer: Silicon Integrated Systems Corp.
Name: SiS 7018 Audio Driver
PNP Device ID: ROOT\MEDIA\0000
Service: SiS7018

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SiS 7018 Audio Driver
Device ID: ROOT\UNKNOWN\0000
Manufacturer: Silicon Integrated Systems Corp.
Name: SiS 7018 Audio Driver
PNP Device ID: ROOT\UNKNOWN\0000
Service: SiS7018


-- Scheduled Tasks -------------------------------------------------------------

2008-01-19 15:23:01 260 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2006-01-18 12:21:13 306 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-13 09:58:40 0 d-------- C:\Documents and Settings\Sally\Application Data\Grisoft
2008-01-12 15:29:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 14:39:00 0 d-------- C:\Program Files\Trend Micro
2008-01-10 20:58:02 262144 --a------ C:\Documents and Settings\Bryan\ntuser.dat
2008-01-04 16:44:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-31 13:07:37 0 d-------- C:\WINDOWS\Provisioning


-- Find3M Report ---------------------------------------------------------------

2008-01-19 15:32:13 0 d-------- C:\Program Files\Spyware Doctor
2008-01-07 20:03:33 0 d-------- C:\Program Files\Winamp
2008-01-02 20:16:17 0 d-------- C:\Program Files\Creative
2008-01-02 20:08:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-02 20:05:53 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 19:45:30 0 d-a------ C:\Program Files\Common Files
2008-01-02 19:42:06 0 d-------- C:\Program Files\Vodei
2008-01-02 19:40:02 0 d-------- C:\Program Files\Diablo II
2008-01-02 19:25:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-01 15:30:27 0 d-------- C:\Program Files\EA GAMES
2008-01-01 15:26:24 0 d-------- C:\Program Files\GameSpy Arcade
2008-01-01 15:25:51 0 d-------- C:\Program Files\EA SPORTS
2008-01-01 15:22:52 0 d-------- C:\Program Files\Acoustica Beatcraft
2007-12-17 23:10:46 0 d-------- C:\Program Files\Dassault Systemes
2007-12-17 23:09:39 0 d-------- C:\Program Files\MSXML 6.0
2007-12-17 23:06:09 0 d-------- C:\Program Files\Virtual Earth 3D
2007-12-01 11:21:35 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-01 11:17:14 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-27 20:10:34 0 d-------- C:\Program Files\Separation Agreement
2007-11-22 16:25:26 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Winamp
2007-11-22 11:27:36 0 d-------- C:\Program Files\DivX
2007-10-19 19:56:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-19 19:54:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-19 19:54:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-19 19:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-19 19:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 19:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}]
11/23/2004 03:34 PM 1164288 --a------ C:\PROGRA~1\quickbar\quickbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78D724DD-3545-4FFC-8237-02D6B1FBE925}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}"= C:\PROGRA~1\quickbar\quickbar.dll [11/23/2004 03:34 PM 1164288]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}]
[HKEY_CLASSES_ROOT\quickbar.QUICKBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 04:04 AM]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 11:01 AM C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 06:53 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 06:42 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 08:43 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [04/17/2004 03:41 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [04/13/2004 09:07 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"@"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/27/2005 01:57 AM]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 06:10 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 08:47 AM C:\WINDOWS\ALCXMNTR.EXE]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [03/08/2005 08:13 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 01:20 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Vrmon"="C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe" [01/18/2006 05:07 PM]
"VrSchedule"="C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe" [03/11/2004 12:00 PM]
"dwStart"="C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe" [08/04/2004 08:13 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [05/20/2005 01:46 PM C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"SiSPower"="SiSPower.dll" [04/12/2005 11:31 AM C:\WINDOWS\system32\SiSPower.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/08/2007 12:25 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2007 10:16 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [12/14/2006 02:45 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02/12/2007 07:21 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 10:33 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Washer\washidx.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2/20/2005 10:50:42 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 1:31:38 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com

5249 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-19 15:38:27 ------------

#5
TonV

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here is the rest of DSS Scan

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3300+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 895.48 MiB / 459.97 MiB
Pagefile Memory (total/avail): 2166.58 MiB / 1749.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.04 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 59.02 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 1.94 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2005 (Symantec Corporation)
AV: The Shield AntiVirus 2006 vVERSION (HAURI AntiVirus ViRobot)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"="C:\\Program Files\\Ad Muncher\\AdMunch.exe:*:Enabled:AdMunch"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Spearhead Demo\\moh_spearhead_demo.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Spearhead Demo\\moh_spearhead_demo.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:\\Program Files\\GameSpy Arcade\\Services\\gshearts\\Hearts-GS.exe"="C:\\Program Files\\GameSpy Arcade\\Services\\gshearts\\Hearts-GS.exe:*:Enabled:Hearts"
"C:\\Program Files\\GameSpy Arcade\\Services\\gspoker\\Poker-GS.exe"="C:\\Program Files\\GameSpy Arcade\\Services\\gspoker\\Poker-GS.exe:*:Enabled:GameSpy Poker by Jeff Anderson"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Diablo II\\Game.exe"="C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Spearhead Demo\\moh_spearhead_demo_server.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Spearhead Demo\\moh_spearhead_demo_server.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe"="C:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sony Pictures Games\\Rock and Roll JEOPARDY!\\Rock & Roll JEOPARDY!.exe"="C:\\Program Files\\Sony Pictures Games\\Rock and Roll JEOPARDY!\\Rock & Roll JEOPARDY!.exe:*:Enabled:Rock & Roll JEOPARDY!"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Bryan\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Bryan\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\EA GAMES\\MOHAANetDemo\\MOHAANetDemo.exe"="C:\\Program Files\\EA GAMES\\MOHAANetDemo\\MOHAANetDemo.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GFD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\GFD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PYTHON22;C:\PROGRAM FILES\PC-DOCTOR FOR WINDOWS\;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\DLLSHARED\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=GFD
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Bryan (admin)
Sally (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Agere Systems PCI Soft Modem --> agrsmdel
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Casino-On-Net --> C:\PROGRA~1\CASINO~1\UNWISE.EXE C:\PROGRA~1\CASINO~1\INSTALL.LOG
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Dassault Systemes Software Prerequisites x86 --> MsiExec.exe /I{9877BCD9-6698-4951-AE19-D5F398D83D5A}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
foobar2000 --> "C:\Program Files\foobar2000\uninstall.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2.3 --> C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPIZ423 --> MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
ID3-TagIT --> "C:\Program Files\ALBW\ID3-TagIT\unins000.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JEOPARDY! 2 (remove only) --> "C:\Program Files\Sony Online Entertainment\JEOPARDY! 2\Uninstall JEOPARDY! 2.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
LUMIX Simple Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Location Finder --> MsiExec.exe /I{EC637522-73A5-4428-8B46-65A621529CC7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MyCam CIF --> MsiExec.exe /X{857343AD-9A00-4287-BF8B-F65C9633CA0C}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
PHOTOfunSTUDIO -viewer- --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe" -l0x9 Package
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PokerRoom.com (remove only) --> "C:\Program Files\PokerRoom.com\uninst.exe"
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.2 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Roxio Easy Media Creator 7 --> MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Separation Agreement --> "C:\WINDOWS\Separation Agreement\uninstall.exe" "/U:C:\Program Files\Separation Agreement\Uninstall\uninstall.xml"
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SopCast 1.1.1 --> C:\Program Files\SopCast\uninst.exe
Spyware Doctor 3.8 --> "C:\Program Files\Spyware Doctor\unins000.exe"
SureThing CD Labeler - Stomper Edition 32 bit --> C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "SureThing CD Labeler - Stomper Edition Uninstall"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Shield 2006 Professional --> C:\Program Files\The Shield Firewall\uninst.exe
The Shield AntiVirus 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A891D097-880A-41BB-8F86-A0D09E8D295F}\setup.exe" -l0x9
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth - 3DVIA (Beta) --> MsiExec.exe /X{FBE9048D-F0A0-4746-A559-381B554611DC}
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Window Washer --> C:\WINDOWS\unwash.exe
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0 --> C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4947 / Error
Event Submitted/Written: 01/19/2008 11:38:59 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module explorer.exe, version 6.0.2900.3156, fault address 0x000118b8.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type4902 / Success
Event Submitted/Written: 01/16/2008 06:23:59 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4896 / Error
Event Submitted/Written: 01/15/2008 10:10:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firewall.exe, version 3.1.0.0, faulting module firewall.exe, version 3.1.0.0, fault address 0x000348ca.
Processing media-specific event for [firewall.exe!ws!]

Event Record #/Type4895 / Success
Event Submitted/Written: 01/15/2008 10:10:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4877 / Success
Event Submitted/Written: 01/14/2008 11:55:51 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type107640 / Error
Event Submitted/Written: 01/19/2008 03:28:32 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The REGSpy service failed to start due to the following error:
%%2

Event Record #/Type107639 / Error
Event Submitted/Written: 01/19/2008 03:28:32 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The FILESpy service failed to start due to the following error:
%%2

Event Record #/Type107635 / Warning
Event Submitted/Written: 01/19/2008 02:29:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type107634 / Error
Event Submitted/Written: 01/19/2008 01:25:52 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type107633 / Error
Event Submitted/Written: 01/19/2008 01:25:52 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)



-- End of Deckard's System Scanner: finished at 2008-01-19 15:38:27 ------------

#6
andrewuk

Hi TonV

I can see some spyware and adware on your machine which we will remove in this post, and we will do an online scan to see what else is lurking on your machine.

Part of the fix will require us to make changes in your Registry, so we will back up your Registry first. Better safe than sorry!


====STEP 1====

backing up your Registry

Go to Start > Run
Type: regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch. <= important!
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


====STEP 2====

Registry Modifications

Next, let's remove the unwanted items.
Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Save it to your desktop as fixit.reg (filetype = any)

REGEDIT4

[-HKEY_CLASSES_ROOT\PopCapLoader.PopCapLoaderCtrl2]

[-HKEY_CLASSES_ROOT\PopCapLoader.PopCapLoaderCtrl2.1]

[-HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]

[-HKEY_CLASSES_ROOT\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}]

[-HKEY_CLASSES_ROOT\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID]
"{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface]
"{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}"=-
"{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib]
"{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}"=-

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

(In case you are unsure how to create a reg file, take a look here with screenshots.)



====STEP 3====


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR

O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O2 - BHO: (no name) - {78D724DD-3545-4FFC-8237-02D6B1FBE925} - blank (file missing)

O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\PROGRA~1\quickbar\quickbar.dll
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 4====
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

if that link does not work, try
Kaspersky WebScanner alternate link

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If asked, click accept
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



====STEP 5====

If you don't have it from before then please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



In your next reply could I see:
1. confirmation that the Registry merge went ok
2. the OTMoveIT2 log
3. the kaspersky scan report
4. a new DSS log <= there will only be one log

you may need to put the logs over more than one reply to get all the information posted.

andrewuk
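
A way to review what a .reg file like the fixit.reg in the post above will do before it is merged, as an added Python example (not part of the original post and not the helper's own tooling). The sample input, its key names and GUIDs are constructed, including one key line that lost its brackets, and the function names are hypothetical.

```python
import re

# Constructed sample in REGEDIT4 format; key names and GUIDs are placeholders.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_CLASSES_ROOT\Example.Loader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID]
"{00000000-0000-0000-0000-000000000001}"=-

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
"{00000000-0000-0000-0000-000000000002}"=-

[HKEY_CURRENT_USER\Software\Example]
"Enabled"=dword:00000001
@="default text"
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                        # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


def _join_continuations(text):
    """Yield (line_no, logical_line); a trailing backslash continues hex data."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = no
        if line.endswith("\\") and (buf or VALUE_RE.match(line)):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def parse_reg(text):
    """Return (operations, warnings) without touching the registry.

    Each operation is (action, key, value_name, data). "[-key]" removes a key
    with its subkeys, while '"name"=-' removes one value inside the current key.
    """
    ops, warnings = [], []
    key, seen_header = None, False
    for no, line in _join_continuations(text):
        if not line or line.startswith(";"):
            continue
        if not seen_header:
            seen_header = True
            if line in HEADERS:
                continue
            warnings.append((no, "missing REGEDIT4 / version 5.00 header"))
        m = KEY_RE.match(line)
        if m:
            if m.group(1):
                ops.append(("delete_key", m.group(2), None, None))
                key = None
            else:
                key = m.group(2)
                ops.append(("ensure_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m:
            if key is None:
                warnings.append((no, "value line outside any key section"))
                continue
            raw_name = m.group(1)
            name = "(Default)" if raw_name == "@" else re.sub(r'\\(.)', r'\1', raw_name[1:-1])
            data = m.group(2).strip()
            if data == "-":
                ops.append(("delete_value", key, name, None))
            else:
                ops.append(("set_value", key, name, data))
            continue
        # Stray text, e.g. a key path without brackets. Later value lines stay
        # listed under the last bracketed key so the reviewer sees the mismatch.
        warnings.append((no, "unrecognised line: " + line))
    return ops, warnings


def deletions(ops):
    """Only the destructive operations, for a quick pre-merge check."""
    return [op for op in ops if op[0] in ("delete_key", "delete_value")]


def review(text):
    """Return printable review lines: warnings first, then every operation."""
    ops, warnings = parse_reg(text)
    out = ["WARNING line %d: %s" % w for w in warnings]
    for action, key, name, data in ops:
        target = key if name is None else "%s -> %s" % (key, name)
        out.append("%-12s %s%s" % (action, target, "" if data is None else " = " + data))
    return out


if __name__ == "__main__":
    print("\n".join(review(SAMPLE_REG)))
```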

#7
TonV

Sorry for the delay. I used fixit.reg and files were added to registry. Going to continue with next step.

#8
andrewuk

OK, I'll be here :)

#9
TonV

After running Kaspersky and OTMoveIt2 the computer would not restart. Eventually I used System Restore (Aghhh!!) As you know this was a lot of fun. When I finally got most things working I ran Kaspersky and DSS. The Kaspersky seemed to work on the Worm????



File/Folder C:\PROGRA~1\quickbar\quickbar.dll not found.
C:\WINDOWS\ALCXMNTR.EXE moved successfully.
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe moved successfully.
[Custom Input]
< purity >

OTMoveIt2 v1.0.9 log created on 01202008_165442

#10
TonV

Scan
----
Scanned: 308351
Detected: 4082
Untreated: 0
Start time: 1/21/2008 1:00:30 AM
Duration: 02:35:42
Finish time: 1/21/2008 3:36:12 AM
Signatures published: 1/20/2008 5:07:05 PM


Detected
--------
Status Object
------ ------
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\K-maro - La good life.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\K-Paz De La Sierra - Mas Capaces Que N.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kanye West - The College Dropout.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kasparov Chessmate 3D.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Anti-Hacker 1.5.119.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Anti-Hacker 1.7.130.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Anti-Virus 2006 Beta Build 6.0.15.225.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Anti-Virus Personal 2006.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Anti-Virus Personal 5.0.153.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Anti-Virus Personal 5.0.388.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky AntiVirus Personal 2006.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Antivirus Personal Pro 5.0.3.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Antivirus Personal Pro 5.0.388.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kaspersky Internet Security 2006 6.0.14.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kate Bush Aerial (2005) 2CD.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kathleens Diet Planner 12.3.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KaZaA 2.7.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kazaa Plus 2.6.6.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KazaaBegone.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kenan Doulu - Alti Buçuk.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kenny Rogers Back to the well.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kenny Rogers Collectors.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio MailServer 5.7.10.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Mailserver 6.0.10.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio MailServer 6.1.1.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio MailServer 6.11.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Personal Firewall 4.13.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Personal Firewall 4.2.1.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Personal Firewall 4.2.2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Personal Firewall 4.21.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Server Firewall 1.1.2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio Server Firewall V.1.1.2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio WinRoute Firewall 6.1.3.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kerio WinRoute Firewall 6.1.4.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Keyboard Sounder 1.22.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kill Deal.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Killing MegaUpload 45-second wait.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\King Kong (2005).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\King Kong 2005.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\King Kong 2006 DVD Quality.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\King Kong, Skull Island Adventure.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\King Kong.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\King of Queens.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kingdia DVD Ripper 2.47.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kingdia DVD Ripper Professional 2.4.10.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kingdia DVD Ripper Professional 2.4.7.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kingdom Under Fire.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KingDome Of Heaven.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kiss Pinball.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KitchenDraw 4.53.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KL Codec Pack 2.47.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KLS Backup 2005 Pro 1.7.0.012.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KLS Backup 2005 Professional 1.7.1.483.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Knights of the temple 2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Knoppix 3.9.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Knoppix 4.0.2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Kofax Capio 1.52.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KoolMoves 4.7.2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\KoolMoves 5.1.3.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Korg Legacy Collection 1.16.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Korn - See You On The Other Side (2005.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Korn - Twisted Transistor (CDS) - 2005.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Korn - untouchable.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\La Quinta Estacion - Flores de alquile.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lamborghini American Challenge.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LanBuster 1.03.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Land of the Dead Road to Fiddlers Green.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Land Of The Dead.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Language Engineering Power Translator.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LANsurveyor 9.5.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Laurie Anderson - Big Science.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lavasoft Ad-Aware Pro 1.06.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lavavo CD Ripper 4.19.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Leafdigital leafDrums 2.33.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Learn Microsoft Visual C 6.0 Now.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Learn Telepathy 1.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LeechGet 2005 1.5 b1600.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Legend of Mir.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Legend of Zorro (2005).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Leisure Suit Larry 7 Love for Sail.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lemonade Tycoon 2 N York City.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lenny Kravitz - 'Baptism' (2004).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lenny Kravitz - Greatest Hits 2000.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Letter Chase Speed Reading Software 1.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Light Alloy 3.3.5865.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Light Alloy 3.4.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Ligno3D Designer 3.40.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LikeRusXP 3.9.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lilo and Stitch 2 (2005).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lilo And Stitch 2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\limewire 4.9.37 Pro.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LimeWire 4.9.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Limewire Pro 4.10.0 Final + All Skins.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Limewire Pro 4.10.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LimeWire Pro 4.9.19.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LimeWire Pro 4.9.30.1.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LimeWire Pro 4.9.37.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LimeWire Professional 4.9.30.01, Scanner.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Limp Bizkit - Results May Vary (2003).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lindsay Lohan - A Little Personal.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Linkgrabber 3.0.4.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Linkgrabber 3.1.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Linkin Park - Fort Minor.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Linkin Park Reanimation.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LinkLines 1.18.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LinkLines 1.19.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\List of RightScripts.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LiteMail 2.41.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Little Fighter 2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Live Billiards Deluxe 1.5.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LiveSync 1.0.0.1020.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Loco Christmas.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Logo Creators AIO.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Logo Design Studio 1.6.22.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\London Racer Police Madness.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LondonRacer Destruction Madness 2005.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Longhorn Pinstripe PNG.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lord Of The Ring Audio Books.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lord of War (2005).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lord Of War.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lords Of Dogtown.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lotto007 2005 5.4.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lotto007 XP 2005 6.4.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lotto007 XP 2005 6.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\LottoCheckPro 1.1 German.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lotus Engineering Software.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Love and Sex eBook Collections.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Ludacris - Back For The First Time.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Luis Royo Wallpapers.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Lunar Strike.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Luxor 1.0.5.34.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Luxor V.1.0.5.34.S.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\M83 - Before the Dawn Heals Us.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Mac Os X - Tiger - 4 CD.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macraigor Systems Flash Programmer.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macro Mania 10.2.1.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macro Recorder 2.11.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macro Recorder 2.20.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\MacroMachine 3.1.4.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia 8.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Contribute 3.11.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Dreamweaver 8.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Dreamweaver 8.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Dreamweaver MX 2004 Magi.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Dreamweawer.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Fireworks 8.0.0.777.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Flash MX 2004.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Flash Player 8.5.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Flash Pro8 Plus.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Flash Professional 8 Unleashe.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Flash Professional 8.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Studio 8 Pro MX.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Studio 8.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Studio 8.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia Studio MX 8.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Macromedia.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madagascar.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madden 2006.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madonna - Confessions On A Dance Floor.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madonna - Hung Up (Promo CD 2005).zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madonna - Sorry - Promo-2006.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madonna - Vogue (1999) - mpeg.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Madonna 1979.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Ball 2.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic DVD Copier 3.0.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Gallery 4.5.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Swf2Gif 1.33.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Tweak 3.10.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Utilities 2004 3.10.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Utilities 2004 3.20.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Utilities 2005 3.60.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Utilities 2006 4.10.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magic Utilities 2006.4.00.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magicbit 3GP Converter 1.0.53.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\Magicbit DVD Ripper Deluxe 1.3.20.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\MagicMedia 3.25.50920.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Bryan\Complete\MagicMedia 3.27.51213.zip
deleted: virus Worm.Win32.VB.an File: C:\Documents and Settings\Br

#11
TonV

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-01-21 09:40:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-01-21 17:40:56 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2008-01-21 17:23:29 UTC - RP16 - Installed Windows Internet Explorer 7.
15: 2008-01-21 17:23:15 UTC - RP15 - Installed Windows IDNMitigationAPIs.
14: 2008-01-21 17:23:03 UTC - RP14 - Installed Windows NLSDownlevelMapping.
13: 2008-01-21 17:22:44 UTC - RP13 - Installed Windows XP KB915865.


-- First Restore Point --
1: 2008-01-21 02:31:40 UTC - RP1 - Installed Java™ 6 Update 3


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-21 09:42:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ps2.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IE Doctor\IEDoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\System & Internet Washer\cseraser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\Virus Tools & Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mapleleafs.nhl.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mapleleafs.nhl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\System & Internet Washer\PKExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - C:\Program Files\IE Doctor\IEDrBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IE Doctor] C:\Program Files\IE Doctor\IEDoctor.exe /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: System & Internet Washer.lnk = C:\Program Files\System & Internet Washer\cseraser.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200932759343
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


--
End of file - 9811 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-21 09:23:00 260 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2006-01-18 09:21:13 306 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2007-12-21 and 2008-01-21 -----------------------------

2008-01-21 09:32:00 0 d-------- C:\Program Files\System & Internet Washer
2008-01-21 09:29:41 19 --a------ C:\WINDOWS\msxfcg32.dll
2008-01-21 09:29:27 0 d-------- C:\Program Files\IE Doctor
2008-01-21 09:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-01-21 09:16:02 0 d-------- C:\Program Files\Siber Systems
2008-01-20 23:35:11 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-20 23:28:27 87072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-20 23:28:27 4540960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-20 18:41:19 0 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-01-20 18:29:44 0 dr-hs---- C:\cmdcons
2008-01-20 18:29:27 0 d-------- C:\WINDOWS\setupupd
2008-01-20 18:27:51 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-01-20 18:25:28 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-01-20 18:25:28 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-01-20 18:25:27 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-01-20 18:25:27 0 d--h----- C:\Documents and Settings\HP_Owner\Templates
2008-01-20 18:25:27 0 dr------- C:\Documents and Settings\HP_Owner\Start Menu
2008-01-20 18:25:27 0 dr-h----- C:\Documents and Settings\HP_Owner\SendTo
2008-01-20 18:25:27 0 d--h----- C:\Documents and Settings\HP_Owner\PrintHood
2008-01-20 18:25:27 1835008 --a------ C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-01-20 18:25:27 0 d--h----- C:\Documents and Settings\HP_Owner\NetHood
2008-01-20 18:25:27 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-01-20 18:25:27 0 d--h----- C:\Documents and Settings\HP_Owner\Local Settings
2008-01-20 18:25:27 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-01-20 18:25:27 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-01-20 18:25:27 0 d--hs---- C:\Documents and Settings\HP_Owner\Cookies
2008-01-20 18:25:27 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data
2008-01-20 18:25:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-01-20 18:25:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-01-20 18:25:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-01-20 18:25:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-01-20 18:23:40 110592 -----n--- C:\WINDOWS\system32\TVMode.dll <Not Verified; Silicon Integrated Systems Corporation; TVModeLib Dynamic Link Library>
2008-01-20 18:23:40 184320 -----n--- C:\WINDOWS\system32\SiSApCom.dll <Not Verified; Silicon Integrated Systems Corporation; SiSApCom Dynamic Link Library>
2008-01-20 18:23:24 331776 --a------ C:\WINDOWS\system32\sistray.exe <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA SiSTray application>
2008-01-20 18:23:20 0 d-------- C:\WINDOWS\system32\trayres
2008-01-20 18:23:20 0 d-------- C:\Program Files\SiS VGA Utilities V3.63
2008-01-20 18:22:45 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-20 18:20:22 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-20 16:34:55 0 dr-h----- C:\MSOCache
2008-01-20 16:33:10 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-01-20 14:21:44 0 d-------- C:\Roxio
2008-01-20 14:02:14 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-20 14:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-20 14:00:19 0 d-------- C:\KAV
2008-01-20 13:20:07 126476130 --a------ C:\backup.reg
2008-01-13 06:58:40 0 d-------- C:\Documents and Settings\Sally\Application Data\Grisoft
2008-01-12 12:29:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:39:00 0 d-------- C:\Program Files\Trend Micro
2008-01-10 17:58:02 262144 --a------ C:\Documents and Settings\Bryan\ntuser.dat
2008-01-04 13:44:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks


-- Find3M Report ---------------------------------------------------------------

2008-01-21 03:20:53 0 d-------- C:\Program Files\Messenger
2008-01-20 23:07:44 0 d-------- C:\Program Files\Symantec
2008-01-20 23:07:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-20 23:07:10 0 d-------- C:\Program Files\Common Files
2008-01-20 22:54:48 0 d-------- C:\Program Files\Sonic
2008-01-20 22:50:58 0 d-------- C:\Program Files\Easy Internet signup
2008-01-20 18:59:26 0 d-------- C:\Program Files\Winamp
2008-01-20 18:37:21 0 d-------- C:\Program Files\Google
2008-01-20 18:32:39 0 d-------- C:\Program Files\Java
2008-01-20 18:23:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-20 16:47:28 0 d-------- C:\Program Files\Windows NT
2008-01-20 16:47:22 0 d-------- C:\Program Files\Movie Maker
2008-01-20 13:44:02 0 d-------- C:\Program Files\quickbar
2008-01-19 12:32:13 0 d-------- C:\Program Files\Spyware Doctor
2008-01-02 17:16:17 0 d-------- C:\Program Files\Creative
2008-01-02 17:08:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-02 17:05:53 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 16:42:06 0 d-------- C:\Program Files\Vodei
2008-01-02 16:40:02 0 d-------- C:\Program Files\Diablo II
2008-01-01 12:30:27 0 d-------- C:\Program Files\EA GAMES
2008-01-01 12:26:24 0 d-------- C:\Program Files\GameSpy Arcade
2008-01-01 12:25:51 0 d-------- C:\Program Files\EA SPORTS
2008-01-01 12:22:52 0 d-------- C:\Program Files\Acoustica Beatcraft
2007-12-17 20:10:46 0 d-------- C:\Program Files\Dassault Systemes
2007-12-17 20:09:39 0 d-------- C:\Program Files\MSXML 6.0
2007-12-17 20:06:09 0 d-------- C:\Program Files\Virtual Earth 3D
2007-12-01 08:21:35 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-01 08:17:14 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-27 17:10:34 0 d-------- C:\Program Files\Separation Agreement
2007-11-22 13:25:26 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Winamp
2007-11-22 08:27:36 0 d-------- C:\Program Files\DivX


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 10:53 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 10:42 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/01/2004 09:39 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 12:43 PM]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [04/17/2004 07:41 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [04/13/2004 01:07 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 08:57 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 01:54 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/18/2003 12:31 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 02:54 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [11/19/2007 11:40 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IE Doctor"="C:\Program Files\IE Doctor\IEDoctor.exe" [10/20/2003 03:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/20/2008 06:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [01/21/2008 09:16 AM]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
System & Internet Washer.lnk - C:\Program Files\System & Internet Washer\cseraser.exe [1/21/2008 9:32:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2/20/2005 7:50:42 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 5:31:38 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [12/1/2004 9:50:09 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-01-21 09:44:00 ------------

#12
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Whoa... and that was the Kaspersky scan? Did you do an online scan, or did you download (and buy) the product before running it?

andrewuk

#13
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.





