BleepingComputer.com: No-desktop, Slow Logout, Login

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

No-desktop, Slow Logout, Login i hate this really

#1 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

  Posted 04 April 2008 - 08:20 AM

hello,


i've just downloaded a keygen for eermmm sony vegas pro 8A, i don't think it is that.
i login , no desktop? i were away to school came back then that happend......
i were able to run Explorer.exe or explorer with Alt CRTL DEL.
All was fine ( i thought) till in logout........centurys..........billions???? takes to long!!!

Logining in with the welcome screen is taking years to.......

Any help without Re-install vista cuz i don't want to lose all my stuff , about 40GB of photoshop music pictures....... games ofcourse.

Help?!?! :huh:

Is there any way to re-install vista without losing my files? and without wasting 50 700mb Cd's? :huh:


~yoni


P.S. Just have it 3 weeks that's why i'm so angry :huh:

#2 User is offline   Juha 

  • Senior Member
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 512
  • Joined: 09-November 07
  • Gender:Male
  • Location:England

Posted 04 April 2008 - 09:32 AM

Quote

i've just downloaded a keygen for eermmm sony vegas pro 8A, i don't think it is that.

Why not? Since the problem happened after this, shouldn't it be the main suspect?

Also, it is probably not a good idea downloading and installing cracked software unless you are ready for trouble!

#3 User is offline   Billy O'Neal 

  • Bleepin Engineer GRADUATE
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,380
  • Joined: 17-January 08
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 04 April 2008 - 09:40 AM

My guess is that the "keygen" you downloaded is a virus.

Quote

Is there any way to re-install vista without losing my files? and without wasting 50 700mb Cd's?

You really should have a backup plan anyway....
The 2nd most common component to fail in PCs is the hard disk.

We need to see if the keygen is a virus.
  • Please click this link-->Jotti
  • When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
    • The keygen you downloaded

  • If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
  • Please post back the results of the scan in your next post.

Billy3
Just graduated! W00t!

Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
Bitbucket - Twitter

#4 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

Posted 04 April 2008 - 09:44 AM

scanned already nothing.
And i deleted it.......it gave an error, but nothing after..... by my friend it's working fine , nothing wrong , he got vista to.

#5 User is offline   Billy O'Neal 

  • Bleepin Engineer GRADUATE
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,380
  • Joined: 17-January 08
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 04 April 2008 - 09:49 AM

What did you scan it with?

It would be nice to get the Jotti/Virus Total scan.

I want to rule out malware of that file on this one. Do you still have a copy of the keygen, or does your friend?

Billy3
Just graduated! W00t!

Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
Bitbucket - Twitter

#6 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

Posted 04 April 2008 - 10:05 AM

don't has it , my friend idk , i will look for it i thought i had to torrent still.

#7 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

Posted 04 April 2008 - 10:10 AM

jotti:

Scan taken on 04 Apr 2008 15:07:41 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


Virustotal: And yes founded!:


Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - Adobe Photoshop Crack
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen#UPX!86 (suspicious)




Maybe faster talk on msn? billy got urs from ur profile: nhcsdh4x0r@hotmail.com?

This post has been edited by yonis: 04 April 2008 - 10:13 AM

#8 User is offline   Billy O'Neal 

  • Bleepin Engineer GRADUATE
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,380
  • Joined: 17-January 08
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 04 April 2008 - 10:40 AM

Hello again, yonis.

No on the msn, Im at work right now. Also, if we resolve the issue, it is good to have it in the forum to help others with the same problem.

Alright, this is most likely not malware. When you scan a file like this you are looking for a consensus. Most of the time, running all of these scanners at once on a file is bound to produce some false positives. I think you are okay here, given that the scanners that flagged the file flagged it as "suspicious", not bad. I.e., a possible modification of a virus, not a positive detection.

@yonis
You can ignore the following:
@Mods: I am using Deckard to help diagnose this issue (really to look at the event logs), not for malware removal, as I know well I'm supposed to not do. :huh:

@yonis, you can pay attention from here:
  • Please download Deckard's System Scanner and save it to your desktop.
  • Double click the downloaded file on your desktop.
  • DSS will produce two logs on completion, a Main.txt (Will be maximized) and an Extra.txt (Will be minimized).
  • Please include both logs in your next post.

Good luck!
Billy3
Just graduated! W00t!

Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
Bitbucket - Twitter

#9 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

Posted 04 April 2008 - 10:49 AM

I'm backupping to re-install Vista ,but i will do ur scann first, And oke no msn for now :huh:.
Scanning right now , i will reply or edit this.

#10 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

Posted 04 April 2008 - 11:20 AM

main.txt:


Deckard's System Scanner v20071014.68
Run by Yoni on 2008-04-04 17:53:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-04-04 15:33:18 UTC - RP40 - Windows Back-up
8: 2008-04-04 07:16:14 UTC - RP39 - Installed Sony Vegas Pro 8.0
7: 2008-03-31 14:14:28 UTC - RP38 - Gepland herstelpunt
6: 2008-03-30 08:38:58 UTC - RP37 - Installed Adobe Photoshop Elements 6.0.
5: 2008-03-30 07:57:08 UTC - RP36 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-03-23 20:21:10 UTC - RP32 - Gepland herstelpunt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-04 17:55:05
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\Windows\System32\sdclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Yoni\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://odinms.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&cli...amp;ibd=6080303
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [IP Changer 2.0] C:\Program Files\Plustech Inc.\IP Changer 2.0\yourapp.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEstSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\Windows\System32\gearsec.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\System32\PSIService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\System32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 10959 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 npkcrypt - \??\c:\nexon\maplestory\npkcrypt.sys
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

S3 NPPTNT2 - \??\c:\windows\system32\npptnt2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-03 18:26:42 348 --a------ C:\Windows\Tasks\McQcTask.job
2008-03-03 18:26:42 362 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 17:42:43 0 d-------- C:\COMPOWER
2008-04-04 17:33:18 528 -ra------ C:\MediaID.bin
2008-04-04 09:17:10 0 d-------- C:\Users\All Users\Sony
2008-04-04 09:16:49 0 d-------- C:\Program Files\Sony
2008-04-04 09:15:53 0 d-------- C:\Program Files\Sony Setup
2008-04-02 20:59:44 0 d-------- C:\Program Files\uTorrent
2008-04-02 18:50:29 0 d-------- C:\Program Files\TubeTilla Free
2008-04-02 18:34:15 0 d-------- C:\Users\Yoni\LimeWire Saved
2008-03-30 11:29:19 0 d-------- C:\Users\All Users\FLEXnet
2008-03-30 11:21:58 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-03-30 10:50:49 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-30 10:03:52 0 d-------- C:\Users\All Users\Malwarebytes
2008-03-30 10:03:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 09:57:42 0 d-------- C:\Users\All Users\Lavasoft
2008-03-30 00:13:48 0 d-------- C:\VundoFix Backups
2008-03-29 23:59:31 37888 --a------ C:\Windows\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-03-29 18:59:24 88 -r-hs---- C:\Windows\system32\10F2201FBB.sys
2008-03-29 18:59:23 2828 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-03-29 18:58:58 0 d-------- C:\Users\All Users\Corel
2008-03-29 18:53:33 0 d-------- C:\Program Files\Common Files\Corel
2008-03-29 18:43:26 0 d-------- C:\Program Files\Corel
2008-03-26 18:56:10 0 d-------- C:\Users\All Users\Adobe Systems
2008-03-26 18:49:33 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-26 18:37:52 0 d-------- C:\Program Files\PowerISO
2008-03-24 23:32:14 0 d-------- C:\rPT
2008-03-22 14:54:19 0 d-------- C:\Program Files\MixMeister Fusion
2008-03-22 14:53:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 12:16:06 0 d-------- C:\Program Files\Hotspot Shield
2008-03-18 12:37:24 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-18 12:37:23 0 d-------- C:\Program Files\Plustech Inc
2008-03-18 12:37:10 305152 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-18 12:37:00 0 -rahs---- C:\MSDOS.SYS
2008-03-18 12:37:00 0 -rahs---- C:\IO.SYS
2008-03-18 10:12:41 0 d-------- C:\Program Files\ASIO4ALL v2
2008-03-18 10:12:23 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-18 10:12:23 0 d-------- C:\Program Files\VstPlugins
2008-03-18 10:10:00 0 d-------- C:\Program Files\Image-Line
2008-03-15 21:16:58 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-15 14:52:37 0 --a------ C:\Windows\nsreg.dat
2008-03-14 23:34:47 0 d-------- C:\Fraps
2008-03-14 08:04:29 46652 --a------ C:\Windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-03-13 21:59:19 0 d-------- C:\Program Files\F-CRC
2008-03-13 21:18:27 0 d-------- C:\noidea
2008-03-11 18:39:02 0 d-------- C:\ijji
2008-03-11 18:19:48 679936 --a------ C:\Windows\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>
2008-03-11 18:19:48 0 d-------- C:\Program Files\NHN USA
2008-03-09 20:53:34 0 d-------- C:\Program Files\JLC's Software
2008-03-09 17:32:59 0 d-------- C:\Program Files\NEXON
2008-03-08 21:39:27 0 d-------- C:\Users\All Users\Roxio
2008-03-08 09:11:07 0 d-------- C:\Users\All Users\Messenger Plus!
2008-03-07 23:24:49 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-07 23:19:51 0 d-------- C:\Windows\PCHEALTH
2008-03-07 23:10:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 23:10:38 0 d-------- C:\Program Files\Windows Live
2008-03-07 23:09:14 0 d-------- C:\Users\All Users\WLInstaller
2008-03-07 20:00:00 0 d-------- C:\Program Files\MSXML 4.0
2008-03-06 17:06:54 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-06 17:06:47 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-03-06 15:58:23 0 d-------- C:\Nexon
2008-03-05 20:49:32 0 d-a------ C:\Users\All Users\TEMP
2008-03-05 20:49:18 50688 --a------ C:\Windows\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-05 20:49:15 0 d-------- C:\Program Files\DAP
2008-03-05 18:25:20 0 d-------- C:\Users\Yoni\LimeWire Store Purchased
2008-03-05 18:25:20 0 d-------- C:\Users\Yoni\haha
2008-03-05 18:24:34 0 d-------- C:\Users\Yoni\Incomplete
2008-03-05 18:22:25 0 d-------- C:\Program Files\LimeWire Plus
2008-03-05 17:15:56 0 dr------- C:\Users\Yoni\Searches
2008-03-05 17:15:45 0 dr------- C:\Users\Yoni\Contacts
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Sjablonen
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\SendTo
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Recent
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Netwerkprinteromgeving
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\NetHood
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Mijn documenten
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Menu Start
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Local Settings
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Cookies
2008-03-05 17:14:42 0 d--hs---- C:\Users\Yoni\Application Data
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Videos
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Saved Games
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Pictures
2008-03-05 17:14:41 2359296 --ahs---- C:\Users\Yoni\NTUSER.DAT
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Music
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Links
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Favorites
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Downloads
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Documents
2008-03-05 17:14:41 0 dr------- C:\Users\Yoni\Desktop
2008-03-05 17:14:41 0 d--h----- C:\Users\Yoni\AppData
2008-03-05 17:10:25 0 d--hs---- C:\Users\All Users\Sjablonen
2008-03-05 17:10:25 0 d--hs---- C:\Users\All Users\Menu Start
2008-03-05 17:10:25 0 d--hs---- C:\Users\All Users\Favorieten
2008-03-05 17:10:25 0 d--hs---- C:\Users\All Users\Documenten
2008-03-05 17:10:25 0 d--hs---- C:\Users\All Users\Application Data
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Sjablonen
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\SendTo
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Recent
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Netwerkprinteromgeving
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\NetHood
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Mijn documenten
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Menu Start
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Local Settings
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Cookies
2008-03-05 17:10:24 0 d--hs---- C:\Users\Default\Application Data
2008-03-05 17:10:24 0 d--hs---- C:\Users\All Users\Bureaublad
2008-03-05 17:10:24 0 d--hs---- C:\Documents and Settings
2008-03-04 01:48:39 0 d-------- C:\Program Files\DellTPad
2008-03-04 01:29:52 0 d-------- C:\Windows\Users
2008-03-04 01:26:07 0 d-------- C:\doctemp
2008-03-04 01:23:11 0 d-------- C:\Windows\system32\oem
2008-03-04 01:23:10 0 d-------- C:\Drivers
2008-03-04 01:23:10 0 d-------- C:\DELL


-- Find3M Report ---------------------------------------------------------------

2008-04-04 17:05:27 689618 --a------ C:\Windows\system32\perfh013.dat
2008-04-04 17:05:27 122796 --a------ C:\Windows\system32\perfc013.dat
2008-04-04 16:05:26 0 d-------- C:\Users\Yoni\AppData\Roaming\Publish Providers
2008-04-04 16:04:25 0 d-------- C:\Users\Yoni\AppData\Roaming\Sony
2008-04-04 14:45:03 0 d-------- C:\Program Files\McAfee
2008-04-04 09:09:49 0 d-------- C:\Users\Yoni\AppData\Roaming\uTorrent
2008-04-04 09:06:25 0 d-------- C:\Users\Yoni\AppData\Roaming\LimeWirePlus
2008-03-30 11:29:27 0 d-------- C:\Users\Yoni\AppData\Roaming\Adobe
2008-03-30 10:50:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 10:50:49 0 d-------- C:\Program Files\Common Files
2008-03-30 10:04:01 0 d-------- C:\Users\Yoni\AppData\Roaming\Malwarebytes
2008-03-29 18:59:24 0 d-------- C:\Users\Yoni\AppData\Roaming\Corel
2008-03-29 18:43:21 0 d-------- C:\Users\Yoni\AppData\Roaming\InstallShield
2008-03-22 14:55:42 0 d-------- C:\Users\Yoni\AppData\Roaming\MixMeister Technology
2008-03-18 10:24:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-15 14:52:33 0 d-------- C:\Users\Yoni\AppData\Roaming\Mozilla
2008-03-12 17:46:53 0 d-------- C:\Program Files\Windows Mail
2008-03-11 18:40:07 0 d--h----- C:\Users\Yoni\AppData\Roaming\ijjigame
2008-03-11 18:19:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 20:53:45 0 d-------- C:\Users\Yoni\AppData\Roaming\JLC's Software
2008-03-08 21:39:27 0 d-------- C:\Users\Yoni\AppData\Roaming\Roxio
2008-03-07 20:09:54 0 d-------- C:\Program Files\Windows Sidebar
2008-03-06 21:41:04 0 d-------- C:\Users\Yoni\AppData\Roaming\CyberLink
2008-03-06 17:07:31 0 d-------- C:\Users\Yoni\AppData\Roaming\Nexon
2008-03-05 18:15:27 0 d-------- C:\Users\Yoni\AppData\Roaming\Google
2008-03-05 18:12:49 0 d-------- C:\Users\Yoni\AppData\Roaming\Macromedia
2008-03-05 17:15:47 0 d-------- C:\Users\Yoni\AppData\Roaming\Identities
2008-03-05 17:10:25 0 d-------- C:\Program Files\Windows NT
2008-03-04 01:40:54 0 d-------- C:\Program Files\Windows Calendar
2008-03-04 01:36:00 0 d-------- C:\Program Files\Windows Defender
2008-03-03 18:24:37 0 d-------- C:\Program Files\Dell
2008-03-03 18:22:30 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-03 18:22:15 0 d-------- C:\Program Files\McAfee.com
2008-03-03 18:21:47 0 d-------- C:\Program Files\Roxio
2008-03-03 18:21:47 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-03 18:20:36 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-03 18:20:34 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 18:20:32 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-03 18:17:47 0 d-------- C:\Program Files\CyberLink
2008-03-03 18:16:01 0 d-------- C:\Program Files\Dell Support Center
2008-03-03 18:15:51 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-03 18:14:37 0 d-------- C:\Program Files\Google
2008-03-03 18:13:02 0 d-------- C:\Program Files\Microsoft Works
2008-03-03 18:12:16 0 d-------- C:\Program Files\Cisco
2008-03-03 18:11:24 0 d-------- C:\Program Files\Intel
2008-03-03 18:06:28 0 d-------- C:\Program Files\Digital Line Detect
2008-03-03 18:05:57 0 d-------- C:\Program Files\NetWaiting
2008-03-03 18:05:24 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-03 18:05:05 0 d-------- C:\Program Files\Java
2008-03-03 18:05:05 0 d-------- C:\Program Files\Common Files\Java
2008-03-03 17:56:51 174 --ahs---- C:\Program Files\desktop.ini
2008-03-03 17:55:12 0 d-------- C:\Program Files\CONEXANT
2008-03-03 17:54:58 0 d-------- C:\Program Files\Sigmatel
2008-01-14 14:52:00 81920 --a------ C:\Windows\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19-09-2007 08:15 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04-03-2008 01:35]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25-05-2007 08:03]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07-09-2007 08:49]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [12-11-2007 13:07]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [15-12-2007 05:54]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [15-12-2007 05:53]
"Persistence"="C:\Windows\system32\igfxpers.exe" [15-12-2007 05:53]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [03-03-2008 18:05]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21-03-2007 15:00]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [12-12-2007 09:03]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-05-2007 05:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03-03-2008 18:14]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15-11-2007 11:24]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [01-11-2007 17:39]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [04-08-2007 00:33]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [05-03-2008 20:49]
"IP Changer 2.0"="C:\Program Files\Plustech Inc.\IP Changer 2.0\yourapp.Exe" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15-03-2008 01:50]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [30-10-2007 20:52]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [31-10-2007 02:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [02-10-2007 14:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 14:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 14:36]

C:\Users\Yoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 20:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3-3-2008 18:06:28]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7-9-2007 18:27:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Windows Printing Driver"=WinSpooler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\Config\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-04 17:58:48 ------------




Extra.txt:



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Dutch

CPU 0: Intel® Pentium® Dual CPU T2330 @ 1.60GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 2037.43 MiB / 963.32 MiB
Pagefile Memory (total/avail): 4294.91 MiB / 2842.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.49 MiB

C: is Fixed (NTFS) - 136.46 GiB total, 86.71 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.07 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9160821AS - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 94.1 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 136.46 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Yoni\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPOWER
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Yoni
LOCALAPPDATA=C:\Users\Yoni\AppData\Local
LOGONSERVER=\\COMPOWER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Yoni\AppData\Local\Temp
TMP=C:\Users\Yoni\AppData\Local\Temp
USERDOMAIN=ComPower
USERNAME=Yoni
USERPROFILE=C:\Users\Yoni
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Yoni


-- Add/Remove Programs ---------------------------------------------------------

Aan de slag met Dell --> MsiExec.exe /I{2C086D06-187A-4050-ADD4-2F9D033651B4}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Cisco EAP-FAST Module --> MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module --> MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module --> MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Dell draadloze WLAN-kaart --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
EuropeMapleStory --> MsiExec.exe /I{D17D8B97-F937-432F-88BD-382727D34441}
F-CRC Calculator v0.60 --> "C:\Program Files\F-CRC\unins000.exe"
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Fraps --> "C:\Fraps\uninstall.exe"
GEAR 32bit Driver Installer --> MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hotspot Shield 1.03a --> C:\Program Files\Hotspot Shield\Uninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
IP Changer 2.0 --> C:\Windows\IsUninst.exe -f"C:\Program Files\Plustech Inc.\IP Changer 2.0\Uninst.isu"
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JLC's Internet TV --> "C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
LimeWire Plus 1.7 --> C:\Program Files\LimeWire Plus\uninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{0A41BC21-EA0F-4B0B-BEA4-2997B80DB0D9}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works --> MsiExec.exe /I{A2A0A82F-025F-458d-A0CD-9BB2320804B5}
MixMeister Fusion Demo --> MsiExec.exe /I{DA55E50A-8DE2-4AE2-AA81-E701E3EE23FD}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickSet --> MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
Roxio Creator Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE --> C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
TubeTilla Free --> C:\Program Files\TubeTilla Free\Uninstal.exe
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5564 / Success
Event Submitted/Written: 04/04/2008 05:13:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5555 / Success
Event Submitted/Written: 04/04/2008 05:01:04 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5554 / Success
Event Submitted/Written: 04/04/2008 05:01:03 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type5553 / Success
Event Submitted/Written: 04/04/2008 05:01:00 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
De service Adobe Active File Monitor is gestart.

Event Record #/Type5550 / Success
Event Submitted/Written: 04/04/2008 05:00:10 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
De Software Licensing-service is gestart.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20644 / Error
Event Submitted/Written: 04/04/2008 05:11:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20643 / Error
Event Submitted/Written: 04/04/2008 05:11:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20640 / Error
Event Submitted/Written: 04/04/2008 05:04:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20639 / Error
Event Submitted/Written: 04/04/2008 05:04:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20638 / Error
Event Submitted/Written: 04/04/2008 05:04:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2



-- End of Deckard's System Scanner: finished at 2008-04-04 17:58:48 ------------

#11 User is offline   Billy O'Neal 

  • Bleepin Engineer GRADUATE
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,380
  • Joined: 17-January 08
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 04 April 2008 - 11:36 AM

Alright... thats not what I thought....

I think this is the problem, but I do not know which service is causing it:

Quote

-- System Event Log ------------------------------------------------------------

Event Record #/Type20644 / Error
Event Submitted/Written: 04/04/2008 05:11:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20643 / Error
Event Submitted/Written: 04/04/2008 05:11:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20640 / Error
Event Submitted/Written: 04/04/2008 05:04:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20639 / Error
Event Submitted/Written: 04/04/2008 05:04:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2

Event Record #/Type20638 / Error
Event Submitted/Written: 04/04/2008 05:04:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2


Do you recognize "BCM42RLY%%2"?

Quote

Language: Dutch

Never ceases to amaze me how many members we have from other countries....

Billy3
Just graduated! W00t!

Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
Bitbucket - Twitter

#12 User is offline   yonis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 04-April 08

Posted 04 April 2008 - 11:38 AM

lol dutch pplz , and no ,i don't reconize Br4?????idk,


go to eat now ,still backupping

#13 User is offline   usasma 

  • Still visually handicapped, new avatar (a camel) :0)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 16,690
  • Joined: 02-October 05
  • Gender:Male
  • Location:Southeastern CT, USA

Posted 05 April 2008 - 06:40 AM

The BCM... stuff "usually" refers to a Broadcom connection thingie (to use the technical term :huh:
Either a wireless adapter, a wired adapter, or the software that's used to control connections.
At work we have some issues with the software that controls connections. But, in this case, the only notation about Broadcom (I searched the topic for "BCM") is this:

Quote

Dell draadloze WLAN-kaart --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

This post has been edited by usasma: 05 April 2008 - 06:42 AM
Reason for edit: added search criteria

- John
**If you need a more detailed explanation, please ask for it. I have the Knack. **

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users