Hi there - I'm new to BleepingComputer, so hello all!!
After a nasty spam attack, my computer wasn't functioning properly and I decided my best way out was to format and install a fresh copy of XP. I installed a fresh copy and got all my anti-virus, firewall and spyware detection software up to date to prevent future attacks. It worked for a while until a scan revealed that I have a nasty virus called Bck/VB.XB, and all the anti-virus software does is detect it; it does not disinfect it, which is annoying because it's slowing down my computer immensely!! I couldn't find any methods to manually remove the virus; in fact, I can't find much info on the virus at all!
Does anyone know how I can get rid of this virus??
Panda Anti-Virus is detecting 5 of the same virus.
Deckard's System Scanner v20071014.68
Run by Dean Blackbeard on 2008-07-16 00:08:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
31: 2008-07-15 22:08:35 UTC - RP31 - Deckard's System Scanner Restore Point
30: 2008-07-15 20:31:50 UTC - RP30 - ComboFix created restore point
29: 2008-07-15 20:10:54 UTC - RP29 - Software Distribution Service 3.0
28: 2008-07-15 19:56:14 UTC - RP28 - Before ComboFix
27: 2008-07-14 22:09:06 UTC - RP27 - Restore Operation
-- First Restore Point --
1: 2008-07-13 12:43:26 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-16 00:11:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WEBPROXY.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dean Blackbeard\Desktop\Deckard's System Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Silver Sands Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net (HKCU)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A378ECA-FBEE-4656-9B14-F715DE01B8CD}: NameServer = 196.38.218.4 196.38.218.5
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
--
End of file - 8846 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.vbs - VBSFile - shell\open\command - C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 axwhisky - c:\windows\system32\drivers\axwhisky.sys
R0 axwskbus - c:\windows\system32\drivers\axwskbus.sys
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 l6TportUX8 (Service - Line 6 TonePort UX8) - c:\windows\system32\drivers\l6tportux8.sys <Not Verified; Line 6; GuitarPort>
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 RTLE8023xp (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) - c:\windows\system32\drivers\rtenicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81AA1043&REV_01\4&935E26E&0&00E3
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81AA1043&REV_01\4&935E26E&0&00E3
Service: RTLE8023xp
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5)
Device ID: SE59CR\{506777F6-D588-45D6-803A-35B96E16D8F1}\3598860180511350_08
Manufacturer: Sony Ericsson
Name: Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5)
PNP Device ID: SE59CR\{506777F6-D588-45D6-803A-35B96E16D8F1}\3598860180511350_08
Service: se59nd5
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&1FAF5EA3&0&10F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&1FAF5EA3&0&10F0
Service:
-- Files created between 2008-06-16 and 2008-07-16 -----------------------------
2008-07-15 23:45:46 0 d-------- C:\WINDOWS\LastGood
2008-07-15 22:31:32 68096 --a------ C:\WINDOWS\zip.exe
2008-07-15 22:31:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-15 22:31:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-15 22:31:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-15 22:31:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-15 22:31:32 98816 --a------ C:\WINDOWS\sed.exe
2008-07-15 22:31:32 80412 --a------ C:\WINDOWS\grep.exe
2008-07-15 22:31:32 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-15 22:23:32 0 dr-hs---- C:\cmdcons
2008-07-15 22:23:26 0 d-------- C:\WINDOWS\setup.pss
2008-07-15 22:20:30 0 d-------- C:\WINDOWS\setupupd
2008-07-15 22:12:54 18328 --a------ C:\Documents and Settings\Dean Blackbeard\Application Data\GDIPFONTCACHEV1.DAT
2008-07-15 22:10:59 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-15 13:03:27 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\AdobeUM
2008-07-14 17:01:47 0 d-------- C:\WINDOWS\$hf_mig$
2008-07-13 23:10:59 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-13 18:17:09 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Macromedia
2008-07-13 18:17:09 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Adobe
2008-07-13 17:55:07 0 d---s---- C:\Documents and Settings\Dean Blackbeard\UserData
2008-07-13 17:17:52 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Teleca
2008-07-13 17:17:26 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Sony Ericsson
2008-07-13 17:15:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-13 17:15:40 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-07-13 17:15:38 0 d-------- C:\Program Files\Sony Ericsson
2008-07-13 17:15:38 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-07-13 17:15:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-13 17:15:32 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-13 17:00:24 0 d-------- C:\temp
2008-07-13 17:00:22 0 d-------- C:\Program Files\Silver Sands Poker
2008-07-13 16:44:08 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Apple Computer
2008-07-13 16:44:01 0 d-------- C:\Program Files\iPod
2008-07-13 16:43:59 0 d-------- C:\Program Files\iTunes
2008-07-13 16:43:21 0 d-------- C:\Program Files\QuickTime
2008-07-13 16:43:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-13 16:43:13 0 d-------- C:\Program Files\Apple Software Update
2008-07-13 16:43:03 0 d-------- C:\Program Files\Common Files\Apple
2008-07-13 16:43:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-13 16:42:23 0 d-------- C:\Program Files\VideoLAN
2008-07-13 16:41:57 82898 --a------ C:\WINDOWS\uninstall.exe
2008-07-13 16:40:12 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 16:40:05 0 d-------- C:\Program Files\Spyware Doctor
2008-07-13 16:40:05 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\PC Tools
2008-07-13 16:37:59 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\REAPER
2008-07-13 16:36:56 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-13 16:36:43 0 d-------- C:\WINDOWS\ShellNew
2008-07-13 16:24:21 0 d-------- C:\Program Files\WinAce
2008-07-13 16:20:46 0 d-------- C:\Program Files\Alcohol Soft
2008-07-13 16:18:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 16:18:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-13 16:17:09 0 d--hs---- C:\WINDOWS\Installer
2008-07-13 16:17:08 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-13 16:17:05 0 dr------- C:\Program Files
2008-07-13 16:17:05 0 d-------- C:\Program Files\Common Files
2008-07-13 16:17:05 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-13 16:16:43 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-13 16:16:43 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-13 16:16:43 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-13 16:16:43 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-13 16:16:43 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-13 16:16:43 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-13 16:16:43 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-13 16:16:43 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-13 16:16:43 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-13 16:16:43 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-13 16:16:43 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-13 16:16:43 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-13 16:16:43 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-13 16:16:43 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-13 16:16:43 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-13 16:16:43 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-13 16:14:54 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-13 16:14:54 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-13 16:14:49 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-13 16:14:49 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-13 16:14:49 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-13 16:14:49 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-13 16:14:27 0 d--hs---- C:\System Volume Information
2008-07-13 16:14:27 0 d-------- C:\Documents and Settings
2008-07-13 16:07:16 0 d-------- C:\WINDOWS
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\WinSxS
2008-07-13 16:07:16 0 dr------- C:\WINDOWS\Web
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\twain_32
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\wins
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\wbem
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\usmt
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\spool
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\Setup
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\ras
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\oobe
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\npp
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\mui
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\IME
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\ias
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\export
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\drivers
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-13 16:07:16 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\config
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\3076
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\2052
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1054
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1042
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1041
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1037
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1033
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1031
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1028
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system32\1025
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\system
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\security
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Resources
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\repair
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Provisioning
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\PeerNet
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\pchealth
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\mui
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\msapps
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\msagent
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Media
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\java
2008-07-13 16:07:16 0 d--h----- C:\WINDOWS\inf
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\ime
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Help
2008-07-13 16:07:16 0 dr--s---- C:\WINDOWS\Fonts
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\ehome
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Driver Cache
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Debug
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Cursors
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\Config
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\AppPatch
2008-07-13 16:07:16 0 d-------- C:\WINDOWS\addins
2008-07-13 16:02:28 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; n/a>
2008-07-13 16:02:28 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Propellerhead Software
2008-07-13 16:02:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-07-13 15:58:47 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Steinberg
2008-07-13 15:53:55 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2008-07-13 15:53:55 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2008-07-13 15:53:55 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio Shared Component (32-bit)>
2008-07-13 15:53:55 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio (32-bit) RealVideo Encoder SDK 5.0>
2008-07-13 15:53:54 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio (32-bit) RealVideo Encoder SDK 5.0>
2008-07-13 15:53:54 352768 --a------ C:\WINDOWS\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2008-07-13 15:53:54 131072 --a------ C:\WINDOWS\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2008-07-13 15:53:54 130560 --a------ C:\WINDOWS\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio Encoder (32-bit)>
2008-07-13 15:53:54 85504 --a------ C:\WINDOWS\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio Shared Component (32-bit)>
2008-07-13 15:53:54 61952 --a------ C:\WINDOWS\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio Shared Component (32-bit)>
2008-07-13 15:51:33 33792 --a------ C:\WINDOWS\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
2008-07-13 15:51:28 16896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; Syncrosoft GmbH; USB protection device>
2008-07-13 15:51:27 45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; Syncrosoft Hard- und Software GmbH; Syncrosoft Synsopos>
2008-07-13 15:51:26 147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; Syncrosoft Hard- und Software GmbH; >
2008-07-13 15:51:26 704512 --a------ C:\WINDOWS\system32\SYNSOACC.dll <Not Verified; Syncrosoft Hard- und Software GmbH; SYNCROSOFT SYNSOACC>
2008-07-13 15:51:26 0 d-------- C:\Program Files\Syncrosoft
2008-07-13 15:42:59 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-13 15:42:41 281 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-07-13 15:42:39 218504 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-07-13 15:42:31 0 d-------- C:\WINDOWS\system32\PAV
2008-07-13 15:42:27 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-07-13 15:42:26 0 d-------- C:\Program Files\Panda Security
2008-07-13 15:41:43 0 d-------- C:\Program Files\Common Files\Panda Software
2008-07-13 15:36:53 905290 --a------ C:\WINDOWS\system32\libmmd.dll
2008-07-13 15:35:04 619008 -ra------ C:\WINDOWS\system32\vobhw.dll <Not Verified; VOB Computersysteme GmbH; InstantCD+DVD>
2008-07-13 15:35:04 11264 -ra------ C:\WINDOWS\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
2008-07-13 15:35:04 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2008-07-13 15:35:04 0 d-------- C:\Program Files\VOB
2008-07-13 15:34:52 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-13 15:34:31 0 d-------- C:\Documents and Settings\Dean Blackbeard\WINDOWS
2008-07-13 15:34:29 1052672 --a------ C:\WINDOWS\system32\CDDBControl.dll <Not Verified; CDDB, Inc.; CDDBControl Module>
2008-07-13 15:31:05 167936 --a------ C:\WINDOWS\system32\l6tpux8.dll <Not Verified; Line 6; >
2008-07-13 15:31:05 521472 --a------ C:\WINDOWS\system32\drivers\l6TportUX8.sys <Not Verified; Line 6; GuitarPort>
2008-07-13 15:31:03 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-13 15:31:02 0 d-------- C:\Program Files\Common Files\Digidesign
2008-07-13 15:31:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Line 6
2008-07-13 15:31:00 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Line 6
2008-07-13 15:30:35 0 d-------- C:\Program Files\Music Production
2008-07-13 15:27:50 24576 -ra------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-07-13 15:27:47 0 d-------- C:\Program Files\ASUS
2008-07-13 15:24:46 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-07-13 15:22:32 0 d-------- C:\Program Files\Common Files\LightScribe
2008-07-13 15:21:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-13 15:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 15:19:48 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-13 15:16:38 0 d-------- C:\Program Files\Nero
2008-07-13 15:16:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-13 15:13:01 0 d-------- C:\WINDOWS\nview
2008-07-13 14:55:33 0 d-------- C:\JM
2008-07-13 14:55:31 139264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-07-13 14:55:30 1953792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-07-13 14:55:27 0 d-------- C:\WINDOWS\JM
2008-07-13 14:53:42 83712 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
2008-07-13 14:53:25 0 d-------- C:\WINDOWS\OPTIONS
2008-07-13 14:53:25 0 d-------- C:\Program Files\Realtek
2008-07-13 14:50:17 53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-07-13 14:50:16 1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-07-13 14:50:15 49152 -----n--- C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-07-13 14:50:15 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-07-13 14:50:15 0 d-------- C:\Program Files\Analog Devices
2008-07-13 14:50:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 14:49:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-13 14:48:07 0 d-------- C:\WINDOWS\ASUSInstAll
2008-07-13 14:46:45 0 d-------- C:\WINDOWS\system32\drivers\system32
2008-07-13 14:46:45 0 d-------- C:\WINDOWS\system32\drivers\INF
2008-07-13 14:46:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-13 14:46:21 0 d-------- C:\Program Files\Intel
2008-07-13 14:45:16 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-07-13 14:43:18 0 d-------- C:\Documents and Settings\Dean Blackbeard\Application Data\Identities
2008-07-13 14:43:03 0 dr------- C:\Documents and Settings\Dean Blackbeard\Favorites
2008-07-13 14:43:03 0 d-------- C:\Documents and Settings\Dean Blackbeard\Desktop
2008-07-13 14:43:03 0 d---s---- C:\Documents and Settings\Dean Blackbeard\Cookies
2008-07-13 14:43:03 0 dr-h----- C:\Documents and Settings\Dean Blackbeard\Application Data
2008-07-13 14:43:02 0 d--h----- C:\Documents and Settings\Dean Blackbeard\Templates
2008-07-13 14:43:02 0 dr------- C:\Documents and Settings\Dean Blackbeard\Start Menu
2008-07-13 14:43:02 0 dr-h----- C:\Documents and Settings\Dean Blackbeard\SendTo
2008-07-13 14:43:02 0 dr-h----- C:\Documents and Settings\Dean Blackbeard\Recent
2008-07-13 14:43:02 0 d--h----- C:\Documents and Settings\Dean Blackbeard\PrintHood
2008-07-13 14:43:02 1835008 --a------ C:\Documents and Settings\Dean Blackbeard\NTUSER.DAT
2008-07-13 14:43:02 0 d--h----- C:\Documents and Settings\Dean Blackbeard\NetHood
2008-07-13 14:43:02 0 dr------- C:\Documents and Settings\Dean Blackbeard\My Documents
2008-07-13 14:43:02 0 d--h----- C:\Documents and Settings\Dean Blackbeard\Local Settings
2008-07-13 14:42:28 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-13 14:42:26 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-13 14:42:26 0 d-------- C:\WINDOWS\Prefetch
2008-07-13 14:42:25 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-13 14:42:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-13 14:42:25 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-13 14:42:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-13 14:42:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-13 14:41:57 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-13 14:41:57 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-13 14:41:57 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-13 14:41:57 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-13 14:41:56 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-13 14:38:47 0 d-------- C:\WINDOWS\system32\xircom
2008-07-13 14:38:47 0 d-------- C:\Program Files\microsoft frontpage
2008-07-13 14:38:41 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-13 14:38:30 0 -rahs---- C:\MSDOS.SYS
2008-07-13 14:38:30 0 -rahs---- C:\IO.SYS
2008-07-13 14:38:30 0 --a------ C:\CONFIG.SYS
2008-07-13 14:38:30 0 --a------ C:\AUTOEXEC.BAT
2008-07-13 14:37:52 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-13 14:37:46 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-13 14:37:46 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-13 14:37:40 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-13 14:37:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-13 14:36:52 0 d---s---- C:\WINDOWS\Tasks
2008-07-13 14:36:51 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-13 14:36:47 0 d-------- C:\WINDOWS\srchasst
2008-07-13 14:36:46 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-13 14:36:37 0 d-------- C:\Program Files\Movie Maker
2008-07-13 14:36:29 0 d-------- C:\WINDOWS\system32\Restore
2008-07-13 14:36:02 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-13 14:35:49 0 d-------- C:\WINDOWS\Registration
2008-07-13 14:35:43 0 d-------- C:\Program Files\Online Services
2008-07-13 14:35:38 0 d-------- C:\Program Files\Messenger
2008-07-13 14:35:35 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-13 14:34:55 0 d-------- C:\Program Files\Windows NT
2008-07-13 14:34:52 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-13 14:34:50 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-07-13 16:16:43 62 --ahs---- C:\Documents and Settings\Dean Blackbeard\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006/12/18 03:34 PM]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006/10/30 02:44 PM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006/10/30 02:44 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007/05/11 12:03 AM]
"nwiz"="nwiz.exe" [2007/05/11 12:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007/05/11 12:03 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007/03/01 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007/05/15 03:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007/05/15 03:55 PM]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe" [2007/01/05 11:39 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006/12/29 03:54 AM]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007/01/11 11:39 PM]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [2007/07/19 03:23 PM]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005/10/23 12:00 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008/04/10 03:14 PM]
"Resume copy"="copyfstq.exe" [2003/06/10 04:35 PM C:\WINDOWS\copyfstq.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008/03/28 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008/03/30 10:36 AM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007/03/28 01:07 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008/07/13 04:19:52 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004/12/14 04:44:06 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 01:01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
avldr.dll 2007/02/15 08:02 PM 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
*Newly Created Service* - COMFILTR
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- End of Deckard's System Scanner: finished at 2008-07-16 00:11:54 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel® Core2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 3007.11 MiB / 2340.14 MiB
Pagefile Memory (total/avail): 4893.29 MiB / 4110.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.97 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 116.44 GiB total, 105.89 GiB free.
D: is Fixed (NTFS) - 116.44 GiB total, 40.11 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD2500AAJS-00VTA0 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 116.44 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 116.44 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Panda Antivirus 2008 Personal Firewall v7.00.00 (Panda Security)
AV: Panda Antivirus + Firewall 2008 v7.00.00 (Panda Security)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dean Blackbeard\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PERSONAL
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dean Blackbeard
LOGONSERVER=\\PERSONAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DEANBL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DEANBL~1\LOCALS~1\Temp
USERDOMAIN=PERSONAL
USERNAME=Dean Blackbeard
USERPROFILE=C:\Documents and Settings\Dean Blackbeard
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Dean Blackbeard (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> .
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\Setup.exe" -l0x9
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
Alcohol 120% (Trial Version) --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASAPI Update --> C:\PROGRA~1\VOB\ASAPIU~1\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
BassStation --> MsiExec.exe /I{18D03DE2-D142-4A6C-B346-2FA7C8D76A57}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Emagic EVP73 VSTi v1.0 --> C:\PROGRA~1\MUSICP~1\VSTPLU~1\Emagic\UNWISE.EXE C:\PROGRA~1\MUSICP~1\VSTPLU~1\Emagic\INSTALL.LOG
FL Studio 5 --> C:\Program Files\Music Production\FLStudio5\uninstall.exe
Guitar Pro 5.0 --> "C:\Program Files\Music Production\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Line 6 Uninstaller --> C:\Program Files\Music Production\Line6\Tools\Line 6 Uninstaller.exe
Linplug RM IV VSTi v4.01 --> C:\PROGRA~1\MUSICP~1\VSTPLU~1\Linplug\RMIV\UNWISE.EXE C:\PROGRA~1\MUSICP~1\VSTPLU~1\Linplug\RMIV\INSTALL.LOG
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Nero 7 Essentials --> MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda Antivirus + Firewall 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.exe" -l0x9 -removeonly
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PSP 84 v1.0 --> C:\PROGRA~1\MUSICP~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\MUSICP~1\PSP84~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
REAPER --> "C:\Program Files\Music Production\REAPER\Uninstall.exe"
Reason 3.0 --> "C:\Program Files\Music Production\Reason\Uninstall Reason\unins000.exe"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
rgcAudio Pentagon I VSTi v1.0 --> "C:\Program Files\Music Production\VST Plugins\Pentagon\unins000.exe"
SecurDisc Viewer --> MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}
Silver Sands Poker Version --> "C:\Program Files\Silver Sands Poker\unins000.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steinberg Cubase SX v3.1.1.944 --> C:\PROGRA~1\MUSICP~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\MUSICP~1\CUBASE~1\INSTALL.LOG
Steinberg WaveLab 4.0f --> C:\PROGRA~1\MUSICP~1\WaveLab\UNWISE.EXE C:\PROGRA~1\MUSICP~1\WaveLab\INSTALL.LOG
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Total Copy 1.1 NetHorror Edition --> "C:\WINDOWS\uninstall.exe"
V-Station --> C:\PROGRA~1\MUSICP~1\VSTPLU~1\V-STAT~1\UNWISE.EXE C:\PROGRA~1\MUSICP~1\VSTPLU~1\V-STAT~1\INSTALL.LOG
VideoLAN VLC media player 0.7.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver 2.0 --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
-- Application Event Log -------------------------------------------------------
Event Record #/Type248 / Error
Event Submitted/Written: 07/14/2008 11:48:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application GP5.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type247 / Error
Event Submitted/Written: 07/14/2008 11:48:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application GP5.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type167 / Error
Event Submitted/Written: 07/13/2008 06:29:49 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application GameClient.exe, version 2.0.1.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type163 / Error
Event Submitted/Written: 07/13/2008 05:59:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type162 / Error
Event Submitted/Written: 07/13/2008 05:59:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash.ocx, version 6.0.79.0, fault address 0x0001cfd3.
Processing media-specific event for [iexplore.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type602 / Warning
Event Submitted/Written: 07/15/2008 11:38:08 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{3A378ECA-FBEE-4656-9B14-F715DE01B8CD}.
Event Record #/Type600 / Error
Event Submitted/Written: 07/15/2008 11:37:59 PM
Event ID/Source: 4307 / NetBT
Event Description:
Initialization failed because the transport refused to open initial Addresses.
Event Record #/Type569 / Warning
Event Submitted/Written: 07/15/2008 10:30:49 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{3A378ECA-FBEE-4656-9B14-F715DE01B8CD}.
Event Record #/Type567 / Error
Event Submitted/Written: 07/15/2008 10:30:40 PM
Event ID/Source: 4307 / NetBT
Event Description:
Initialization failed because the transport refused to open initial Addresses.
Event Record #/Type540 / Warning
Event Submitted/Written: 07/15/2008 10:03:19 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{3A378ECA-FBEE-4656-9B14-F715DE01B8CD}.
-- End of Deckard's System Scanner: finished at 2008-07-16 00:11:54 ------------