
Possible Backdoor? Loads Of Processes



#1 IcedOut3 (Members, 75 posts)

Posted 21 September 2007 - 07:57 PM

Hello,
Here's my HJT log. I think there's something going on with my computer, because it's lagging like hell! I uninstalled McAfee and installed Comodo Firewall plus Avast Antivirus. It got a bit better, but now it's lagging a lot again. Is there something I'm doing wrong?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:41 AM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ahead\Nero Recode\Recode.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188616021953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8179 bytes
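A triage pass over HijackThis entries of the kind posted above, added here as an example. It is not a tool from this thread, from BleepingComputer, or from Trend Micro. It parses the O2/O4/O16/O17/O23 lines and flags the patterns a log reader checks first: a BHO whose DLL is gone, an autorun given as a bare filename (resolved by search path at logon rather than by an explicit path), an ActiveX (DPF) download from a host outside an allow-list, a DNS server outside the private ranges, and a service whose binary carries no publisher name. The allow-list of hosts is an assumption made for the example; the sample lines are a constructed subset copied from the first log in this post.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not a tool from the thread or from Trend Micro. Parses the
O2/O4/O16/O17/O23 entry lines that HJT emits and returns the entries that
deserve a closer look, with the reason for each.
"""
import ipaddress
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the first HJT log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188616021953
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD65C59D-157E-42FF-8C31-C358B660E5AA}: NameServer = 10.1.1.1,192.168.0.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
"""

# Assumption for the example: hosts from which ActiveX (.cab) downloads are expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com")

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
O4_RE = re.compile(r"\[[^\]]*\] (.+)$")   # "[name] command line" after the hive prefix


def _host_trusted(url: str) -> bool:
    host = urlparse(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O2" and body.endswith("(no file)"):
            # Registered BHO whose DLL is gone: leftover of an uninstall or a removal.
            findings.append(("orphaned BHO (no file)", line))
        elif kind == "O4":
            m4 = O4_RE.search(body)
            if not m4:
                continue  # e.g. "Global Startup: foo.lnk = ..." has no [name] part
            exe = m4.group(1).split()[0].strip('"')
            if "\\" not in exe:
                # Bare filename: the file actually executed is whatever the
                # process-creation search order finds first, not a fixed path.
                findings.append(("autorun without full path", line))
        elif kind == "O16":
            url = body.rsplit(" - ", 1)[1]
            if not _host_trusted(url):
                findings.append(("ActiveX download from unlisted host", line))
        elif kind == "O17" and "NameServer = " in body:
            for s in body.split("NameServer = ", 1)[1].split(","):
                try:
                    private = ipaddress.ip_address(s.strip()).is_private
                except ValueError:
                    private = False  # not an address: flag it for a manual look
                if not private:
                    findings.append(("DNS server outside private ranges", line))
                    break
        elif kind == "O23" and " - Unknown owner - " in body:
            # HJT could not read a company name from the binary's version info.
            findings.append(("service with no publisher in version info", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```

Run as a script it prints one line per finding. On the sample it reports the orphaned BHO, the two bare-filename autoruns, the ijjimax DPF download and the Adobe LM service. Each finding is a prompt to locate the file on disk and check who signed it; none is by itself evidence of a backdoor.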


#2 Papakid (Malware Response Team, 6,582 posts)

Posted 01 October 2007 - 09:51 AM

Hi IcedOut3,

I don't believe this is a malware issue, but probably some resource-intensive and/or misbehaving software you have installed. Prime suspects are Windows Desktop Search, Stardock and Ad-Aware, among others. Before I send you to another forum for help with non-malware issues, please run a couple of scans for me. Also, have you played around with installing Vista? One of your running processes is supposed to be specific to Vista, and your log shows you are running XP.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 IcedOut3 (Topic Starter, Members, 75 posts)

Posted 04 October 2007 - 09:41 PM

Thank you for your reply, Papakid.
Well, I recently removed Ad-Aware, and no, I haven't installed/downloaded anything to do with Vista.
I'm downloading both programs at the moment; I will get back to you ASAP. Do you want a fresh copy of HJT?

EDIT:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2007 at 01:59 PM

Application Version : 3.9.1008

Core Rules Database Version : 3319
Trace Rules Database Version: 1320

Scan type : Complete Scan
Total Scan Time : 00:43:32

Memory items scanned : 506
Memory threats detected : 0
Registry items scanned : 6833
Registry threats detected : 0
File items scanned : 43418
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt




Deckard's Main.txt:

Deckard's System Scanner v20070905.67
Run by Owner on 2007-10-05 14:08:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2007-10-05 04:08:13 UTC - RP134 - Deckard's System Scanner Restore Point
6: 2007-10-05 03:08:24 UTC - RP133 - Installed SUPERAntiSpyware Free Edition
5: 2007-10-04 11:16:44 UTC - RP132 - System Checkpoint
4: 2007-10-03 06:07:54 UTC - RP131 - System Checkpoint
3: 2007-10-02 06:04:50 UTC - RP130 - Installed Rome - Total War™


-- First Restore Point --
1: 2007-09-30 00:02:10 UTC - RP128 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:36 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188616021953
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD65C59D-157E-42FF-8C31-C358B660E5AA}: NameServer = 10.1.1.1,192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8443 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 GLOGODrv - c:\windows\system32\drivers\glogodrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\owner\desktop\vcdrom.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 huadio - c:\huadio.tmp (file missing)
S3 malg8xc - c:\windows\system32\drivers\malg8xc.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 malg8xm - c:\windows\system32\drivers\malg8xm.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 malg8xu - c:\windows\system32\drivers\malg8xu.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 WMIBIOS (%WMIBIOS.ServiceName%) - c:\windows\system32\drivers\wmibios.sys <Not Verified; Gigabyte Technology; WMI Information>
S3 WMIINFO (WMIINFO Driver) - c:\windows\system32\drivers\wmiinfo.sys <Not Verified; Gigabyte Technology; WMI Information>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 Fonsmm -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N70
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N70
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2007-10-02 13:19:12 464 --a------ C:\WINDOWS\Tasks\WebReg 20071002131911.job
2007-10-02 13:19:09 390 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1188443934.job
2007-09-22 10:05:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-05 and 2007-10-05 -----------------------------

2007-10-05 13:08:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-05 13:08:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-05 13:08:25 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-10-02 13:30:36 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-09-30 01:06:33 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-09-29 23:09:32 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-29 20:05:32 0 d-------- C:\Documents and Settings\Owner\Application Data\iolo
2007-09-29 20:05:32 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-09-28 22:43:06 0 d-------- C:\WINDOWS\system32\Futuremark
2007-09-28 20:11:18 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2007-09-28 12:38:19 0 d-------- C:\Program Files\Media Player Classic
2007-09-27 18:29:16 0 d-------- C:\Documents and Settings\Guest\Application Data\Nokia Multimedia Player
2007-09-27 18:24:30 0 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2007-09-27 16:26:15 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2007-09-27 16:26:15 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-09-27 16:22:17 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2007-09-27 16:18:46 0 d-------- C:\Program Files\NVIDIA Corporation
2007-09-27 12:48:59 0 d-------- C:\WINDOWS\Performance
2007-09-27 12:48:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-09-27 12:48:04 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-09-27 11:52:50 0 d-------- C:\Documents and Settings\Owner\Application Data\VSRevoGroup
2007-09-27 11:51:31 0 d-------- C:\Program Files\VS Revo Group
2007-09-26 16:14:47 0 d-------- C:\Documents and Settings\Owner\Application Data\DeepBurner
2007-09-26 14:32:05 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-09-26 14:31:41 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-09-26 14:31:41 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-09-26 14:31:41 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-09-26 14:31:41 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-09-26 14:31:41 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-09-26 14:31:41 1310720 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2007-09-26 14:31:41 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-09-26 14:31:41 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-09-26 14:31:41 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-09-26 14:31:41 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-09-26 14:31:41 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-09-26 14:31:41 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2007-09-26 14:31:41 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-09-26 14:31:41 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-09-24 21:46:23 0 d-------- C:\Program Files\Bus Driver
2007-09-24 20:37:40 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-09-24 17:44:21 0 d-------- C:\Program Files\Rockstar Games Mod
2007-09-24 15:18:35 0 d--h----- C:\WINDOWS\LGPFT
2007-09-24 15:13:07 0 d-------- C:\Program Files\LG PC Suite
2007-09-24 12:57:31 0 d-------- C:\Program Files\Audacity
2007-09-23 14:46:35 0 d-------- C:\Documents and Settings\Owner\Phone Browser
2007-09-23 14:44:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
2007-09-23 14:41:15 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-09-23 14:40:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia
2007-09-23 14:39:56 0 d-------- C:\Program Files\Common Files\PCSuite
2007-09-23 14:37:31 0 d-------- C:\Program Files\DIFX
2007-09-23 14:37:27 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Suite
2007-09-23 14:37:17 0 d-------- C:\Program Files\PC Connectivity Solution
2007-09-23 14:36:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-09-23 13:05:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-09-23 13:04:51 0 d-------- C:\Program Files\Common Files\Nokia
2007-09-23 13:03:53 0 d-------- C:\Program Files\Nokia
2007-09-23 10:43:57 7440416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-23 10:24:32 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-23 10:24:24 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-23 10:24:19 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-09-23 10:23:56 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-09-23 10:03:57 0 d-------- C:\WINDOWS\Internet Logs
2007-09-22 16:55:13 0 d-------- C:\Program Files\SRS Labs
2007-09-22 16:31:53 0 d-------- C:\Program Files\GameSpy Arcade
2007-09-22 16:17:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-09-22 14:12:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-09-22 10:56:23 0 d-------- C:\Program Files\Trend Micro
2007-09-22 10:47:01 2977792 -----n--- C:\WINDOWS\UNRecode.exe <Not Verified; Nero AG; Nero Web Engine>
2007-09-21 16:24:43 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-09-21 16:16:29 0 d-------- C:\Display Pics (icedout3@hotmail.com)
2007-09-20 22:50:50 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-09-20 22:45:37 0 d-------- C:\Program Files\DivX
2007-09-20 21:45:49 0 d-------- C:\Program Files\IsoBuster
2007-09-20 21:44:36 0 d-------- C:\Program Files\DeepBurner
2007-09-20 21:42:43 0 d-------- C:\Documents and Settings\Owner\Application Data\ImgBurn
2007-09-20 21:41:44 0 d-------- C:\Program Files\ImgBurn
2007-09-20 20:44:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2007-09-20 20:44:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-09-20 20:42:18 0 d-------- C:\Program Files\Comodo
2007-09-20 20:41:09 0 d-------- C:\Program Files\Avast4
2007-09-19 22:01:24 0 d-------- C:\Program Files\UltraVnc
2007-09-19 21:45:08 0 d-------- C:\Program Files\iPod
2007-09-19 21:45:04 0 d-------- C:\Program Files\iTunes
2007-09-19 19:14:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Obsidium
2007-09-18 17:33:49 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-09-18 17:33:49 0 d-------- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
2007-09-18 17:33:49 0 d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2007-09-18 17:22:20 0 d-------- C:\Program Files\MaxxPlayer
2007-09-18 17:19:51 785 --a------ C:\WINDOWS\Tpkdboot.reg
2007-09-18 17:19:51 679936 --a------ C:\WINDOWS\system32\ilinet.dll <Not Verified; PACE Anti-Piracy; InterLok>
2007-09-18 17:19:51 70048 --a------ C:\WINDOWS\system32\drivers\TPkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
2007-09-18 04:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2007-09-18 04:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2007-09-18 04:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-18 04:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2007-09-17 22:01:12 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-09-17 18:26:46 20992 --a------ C:\WINDOWS\jestertb.dll
2007-09-17 18:24:31 36586 --a------ C:\WINDOWS\system32\drivers\mavcomm.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 18:24:31 48972 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 18:24:31 49227 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 18:24:31 51669 --a------ C:\WINDOWS\system32\drivers\malg8xu.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 18:24:27 25044 --a------ C:\WINDOWS\system32\drivers\malg8xm.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 18:24:24 24784 --a------ C:\WINDOWS\system32\drivers\malg8xc.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 18:23:32 11089 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2007-09-17 16:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-17 16:04:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2007-09-17 16:03:18 0 d-------- C:\Program Files\Windows Desktop Search
2007-09-17 16:00:21 0 d-------- C:\Documents and Settings\Owner\Application Data\SopCast
2007-09-17 16:00:19 0 d-------- C:\Program Files\SopCast
2007-09-16 19:09:39 0 d-------- C:\Documents and Settings\Owner\Application Data\iPodifier
2007-09-16 18:58:22 0 d-------- C:\WINDOWS\Downloaded Installations
2007-09-16 12:35:36 0 d-------- C:\Program Files\Apple Software Update
2007-09-16 12:35:02 0 d-------- C:\Program Files\Common Files\Apple
2007-09-16 12:08:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-15 13:10:06 413760 --a------ C:\WINDOWS\system32\MPG4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2007-09-15 13:10:05 425984 --a------ C:\WINDOWS\system32\xvid.dll
2007-09-15 13:09:59 0 d-------- C:\Program Files\Video Convert Split Merge Studio
2007-09-15 11:00:03 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-14 16:25:17 692224 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>
2007-09-14 16:25:17 0 d-------- C:\Program Files\NHN USA
2007-09-13 18:24:06 0 d-------- C:\Program Files\Cucusoft
2007-09-13 18:23:32 0 d-------- C:\Program Files\Common Files\Download Manager
2007-09-13 18:15:49 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-09-13 18:15:49 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-09-13 18:15:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2007-09-12 23:13:38 0 d-------- C:\Program Files\Fraps
2007-09-12 22:24:06 0 d-------- C:\Temp
2007-09-12 22:08:58 0 d-------- C:\Program Files\XVideoConverter
2007-09-12 21:50:50 0 d-------- C:\Program Files\QT Lite
2007-09-12 21:19:46 0 d-------- C:\WINDOWS\RER Video Splitter
2007-09-12 21:00:43 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2007-09-12 21:00:41 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2007-09-12 20:42:51 0 d-------- C:\WINDOWS\system32\windows media
2007-09-12 20:42:43 0 d-------- C:\WINDOWS\RegisteredPackages
2007-09-12 20:42:43 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-09-12 20:42:38 0 d-------- C:\Program Files\Windows Media Components
2007-09-12 20:42:16 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-12 20:42:16 0 d-------- C:\Program Files\Replay Screencast
2007-09-12 19:19:03 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-09-12 19:19:03 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-09-12 16:53:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-09-12 16:52:20 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-09-12 16:46:40 0 d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-09-12 16:25:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-09-12 16:25:39 0 d---s---- C:\Program Files\Xfire
2007-09-12 16:22:40 0 d-------- C:\Program Files\Gunz
2007-09-12 08:09:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-12 08:08:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-09-10 08:14:58 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2007-09-10 08:14:47 0 d-------- C:\Program Files\FrostWire
2007-09-10 07:48:44 0 d-------- C:\Documents and Settings\Owner\Incomplete
2007-09-10 07:48:34 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-09-09 14:17:09 0 d-------- C:\Documents and Settings\Owner\Application Data\SecondLife
2007-09-09 12:50:51 0 d-------- C:\Program Files\MindArk
2007-09-09 12:46:28 0 d-------- C:\Program Files\Axon Data
2007-09-08 23:58:42 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2007-09-08 23:02:27 134122 --a------ C:\WINDOWS\ColorPic Uninstaller.exe
2007-09-08 23:02:27 0 d-------- C:\Program Files\ColorPic 4.1
2007-09-08 20:27:24 20 --a------ C:\sccfg.sys
2007-09-08 20:27:21 77824 --a------ C:\WINDOWS\system32\FLKill.exe <Not Verified; USPTO; Project1>
2007-09-08 20:27:20 0 d-------- C:\Program Files\Folder Lock
2007-09-08 20:24:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-09-08 20:24:39 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-08 20:12:55 0 d-------- C:\Program Files\Xilisoft
2007-09-08 20:08:13 0 d-------- C:\Program Files\Common Files\Macromedia
2007-09-08 20:06:50 0 d-------- C:\Program Files\Macromedia
2007-09-08 19:59:03 0 d-------- C:\Program Files\Common Files\DirectX
2007-09-08 19:36:27 0 d-------- C:\Documents and Settings\Owner\Application Data\LG Electronics
2007-09-08 09:48:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Screenshot Sender
2007-09-07 23:40:09 0 d-------- C:\Program Files\Blaze Media Pro
2007-09-07 23:39:34 0 d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-09-07 22:35:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-07 22:31:00 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-09-07 22:30:46 0 d-------- C:\Program Files\AGLOCO Viewbar
2007-09-07 21:54:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-07 21:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-07 21:52:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-07 21:52:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Corporation
2007-09-07 21:49:39 0 d-------- C:\Program Files\Microsoft Office Creative Commons Add-in
2007-09-07 21:49:25 0 d-------- C:\Program Files\Microsoft.NET
2007-09-07 19:45:32 0 d-------- C:\Program Files\MSECache
2007-09-07 18:50:34 0 d-------- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
2007-09-07 18:47:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-07 15:57:26 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-07 15:56:04 0 d--h----- C:\WINDOWS\PIF
2007-09-06 16:56:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Joost


-- Find3M Report ---------------------------------------------------------------

2007-10-05 14:06:17 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-10-05 13:08:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 01:06:08 0 d-------- C:\Program Files\Windows Live
2007-09-28 15:41:09 0 d-------- C:\Program Files\MessengerDiscovery
2007-09-28 12:37:09 0 d-------- C:\Program Files\BitComet
2007-09-27 16:19:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-23 15:22:55 7738 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
2007-09-23 14:39:56 0 d-------- C:\Program Files\Common Files
2007-09-23 14:14:57 2528 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2007-09-22 10:50:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-09-22 10:46:53 0 d-------- C:\Program Files\Ahead
2007-09-20 21:07:28 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
2007-09-20 20:59:56 0 d-------- C:\Program Files\SpywareBlaster
2007-09-17 22:01:23 34 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2007-09-17 22:01:17 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2007-09-17 22:01:16 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2007-09-17 01:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 01:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-16 12:15:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-09-16 12:12:52 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-16 12:12:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-09-10 08:14:51 0 d-------- C:\Program Files\LimeWire
2007-09-09 14:17:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-09-08 09:49:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-09-08 01:34:41 0 d-------- C:\Program Files\MSN Messenger
2007-09-04 18:36:14 0 d-------- C:\Program Files\MediaCoder
2007-09-04 18:20:15 0 d-------- C:\Program Files\DVD Flick
2007-09-04 17:07:41 0 d-------- C:\Program Files\DVD Decrypter
2007-09-03 21:21:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-09-03 21:21:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-03 21:20:21 0 d-------- C:\Program Files\Google
2007-09-03 19:07:28 0 d-------- C:\Program Files\Lavalys
2007-09-03 17:38:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2007-09-03 17:37:03 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-03 08:01:31 0 d-------- C:\Program Files\EULAlyzer
2007-09-03 07:02:48 0 d-------- C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
2007-09-02 19:00:23 1604 --a------ C:\WINDOWS\mozver.dat
2007-09-02 16:24:58 0 d-------- C:\Program Files\MSXML 6.0
2007-09-02 15:56:45 0 d-------- C:\Program Files\MSBuild
2007-09-02 15:52:42 0 d-------- C:\Program Files\Reference Assemblies
2007-09-02 15:51:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-02 15:30:41 0 d-------- C:\Program Files\Celestia
2007-09-02 14:44:05 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-09-02 14:35:40 0 d-------- C:\Program Files\Java
2007-09-02 14:35:14 0 d-------- C:\Program Files\Common Files\Java
2007-09-02 14:32:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-09-02 12:42:31 0 d-------- C:\Program Files\Skype
2007-09-02 12:42:27 0 d-------- C:\Program Files\Common Files\Skype
2007-09-02 10:28:52 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2007-09-02 10:20:02 0 d-------- C:\Program Files\Star Downloader
2007-09-02 10:05:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-09-02 08:24:00 0 d-------- C:\Program Files\Microsoft Works
2007-09-02 03:07:26 0 d-------- C:\Program Files\Messenger
2007-09-02 03:02:15 0 d-------- C:\Program Files\MSXML 4.0
2007-09-01 22:09:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-01 13:29:25 0 d-------- C:\Program Files\Altiris
2007-08-30 21:35:01 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-30 21:34:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-30 21:34:33 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2007-08-30 16:19:37 0 d-------- C:\Program Files\Gigabyte
2007-08-30 16:17:22 0 d-------- C:\Program Files\Online Services
2007-08-30 16:15:34 0 d-------- C:\Program Files\Marvell
2007-08-30 15:52:28 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-30 15:40:06 0 d-------- C:\Program Files\D-Link
2007-08-30 15:11:09 0 d-------- C:\Program Files\Realtek Sound Manager
2007-08-30 15:11:09 0 d-------- C:\Program Files\AvRack
2007-08-30 15:08:46 0 d-------- C:\Program Files\Intel
2007-08-30 13:53:53 0 d-------- C:\Program Files\directx
2007-08-30 13:53:39 0 d-------- C:\Documents and Settings\Owner\Application Data\FotoWire
2007-08-30 13:53:38 0 d-------- C:\Program Files\Logitech
2007-08-30 13:53:38 0 d-------- C:\Program Files\Common Files\FotoWire
2007-08-30 13:52:27 0 d-------- C:\Program Files\Common Files\Logitech
2007-08-30 13:52:13 183 --a------ C:\WINDOWS\QC_LDM
2007-08-30 13:22:44 0 d-------- C:\Program Files\Common Files\L&H
2007-08-30 13:19:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Hewlett-Packard
2007-08-30 13:18:53 20454 --a------ C:\WINDOWS\hpoins01.dat
2007-08-30 13:18:47 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-30 13:16:41 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-30 13:13:05 0 d-------- C:\Program Files\CyberLink
2007-08-30 12:21:33 0 d-------- C:\Program Files\Flat Panel Adjust
2007-08-30 12:13:53 0 d-------- C:\Program Files\Common Files\Ahead
2007-08-30 12:01:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-30 12:01:21 0 d-------- C:\Program Files\VLC
2007-08-30 12:00:00 0 d-------- C:\Program Files\CCleaner
2007-08-30 11:48:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-08-30 11:45:02 0 d-------- C:\Program Files\microsoft frontpage
2007-08-30 11:44:54 0 -rahs---- C:\MSDOS.SYS
2007-08-30 11:44:54 0 -rahs---- C:\IO.SYS
2007-08-30 11:44:54 0 --a------ C:\CONFIG.SYS
2007-08-30 11:44:54 0 --a------ C:\AUTOEXEC.BAT
2007-08-30 11:43:52 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-30 11:43:06 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-30 11:42:58 0 d-------- C:\Program Files\Movie Maker
2007-08-30 11:42:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-30 11:41:49 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-30 11:41:41 0 d-------- C:\Program Files\Windows NT
2007-08-21 10:26:52 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-21 10:26:52 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-16 08:33:14 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-16 08:30:26 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-15 11:45:20 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2007-07-10 18:55:44 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [09/06/2007 08:06 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [08/16/2007 04:19 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:00 PM]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [03/16/2007 03:22 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 12:32 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/8/2007 8:22:06 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Viewbar"=C:\Program Files\AGLOCO Viewbar\Viewbar.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d24572d9-56ea-11dc-94d3-806d6172696f}]
AutoRun\command- E:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

6543 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-10-05 14:12:10 ------------


Deckard's Extra.txt
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1023.48 MiB / 522.03 MiB
Pagefile Memory (total/avail): 2972.62 MiB / 2516.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.07 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 24.41 GiB total, 11.36 GiB free.
D: is Fixed (NTFS) - 161.89 GiB total, 77.02 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD2000JB-00GVC0 - 186.3 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 24.41 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 161.89 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1043 [VPS 000778-3] v4.7.1043 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"D:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="D:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JANITH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\JANITH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QT Lite\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=JANITH
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\Owner\Local Settings\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
--> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AGLOCO Viewbar 1.03 --> C:\Program Files\AGLOCO Viewbar\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup
AxCrypt (Remove Only) --> "C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Bus Driver 1.0 --> C:\Program Files\Bus Driver\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ColorPic --> C:\WINDOWS\ColorPic Uninstaller.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Commons Add-in for Microsoft Office --> MsiExec.exe /I{EC719582-B6B4-436A-922B-67094106AB81}
D-Link DSL-302G USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22C0B7CF-4BAD-4FD6-9085-FC2E1A6D5861}\Setup.exe"
DeepBurner v1.8.0.224 --> "C:\Program Files\DeepBurner\Uninstall.exe" "C:\Program Files\DeepBurner\install.log"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
DVDFab Platinum 3.1.8.0 --> "C:\Program Files\DVDFab Platinum 3\unins000.exe"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
EULAlyzer v1.2 --> "C:\Program Files\EULAlyzer\unins000.exe"
EVEREST Corporate Edition NR v4.00 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition NR\unins000.exe"
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
FrostWire 4.13.3 --> C:\Program Files\FrostWire\Uninstall.exe
Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji - Gunz --> C:\Program Files\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
IsoBuster 2.2 Beta --> "C:\Program Files\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Codec Pack 3.3.0 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG PhoneManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83245C1-AB8A-40C1-91C0-CEDBDB84255D}\setup.exe" -l0x9 -removeonly
LG SyncManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFD25152-1916-4744-BAAF-F2D2EBF38284}\setup.exe" -l0x9 -removeonly
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
MaxxPlayer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F07A39C-885D-483C-83A7-9E37ED6B4785}\setup.exe" -l0x9 -removeonly
MediaCoder 0.6.0 --> C:\Program Files\MediaCoder\uninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MessengerDiscovery Live 1.3.0322 --> "C:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Recode CE --> C:\WINDOWS\UNRecode.exe /UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater --> MsiExec.exe /X{FE5D756F-71E1-47C4-972A-D6775344B40B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
QT Lite 1.1.1 --> "C:\Program Files\QT Lite\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Revo Uninstaller 1.34 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Skype 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SRS Audio Sandbox --> MsiExec.exe /X{7838752C-A838-4C73-849C-625C6114AF0C}
Star Downloader Free --> C:\PROGRA~1\STARDO~1\UNWISE.EXE C:\PROGRA~1\STARDO~1\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Video Convert Split Merge Studio v6.8.2 Build 567 --> "C:\Program Files\Video Convert Split Merge Studio\unins000.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VLC\uninstall.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_32E2E448B53EE5B28E074D88802D0BAF984038DA\pccs_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Mail --> MsiExec.exe /I{EDB619FD-4E71-403C-8E99-DFC9CF9DD345}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{7A2B077D-D7AC-4215-B0FB-5EA581E549E6}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3225 / Success
Event Submitted/Written: 10/05/2007 02:05:02 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3223 / Warning
Event Submitted/Written: 10/05/2007 02:04:00 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type3222 / Warning
Event Submitted/Written: 10/05/2007 02:04:00 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type3218 / Warning
Event Submitted/Written: 10/05/2007 02:02:24 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type3217 / Warning
Event Submitted/Written: 10/05/2007 02:02:24 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17253 / Warning
Event Submitted/Written: 10/03/2007 07:08:53 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17102 / Warning
Event Submitted/Written: 10/02/2007 04:04:19 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type16480 / Error
Event Submitted/Written: 09/28/2007 11:14:40 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Event Record #/Type16479 / Error
Event Submitted/Written: 09/28/2007 11:14:31 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type16264 / Error
Event Submitted/Written: 09/26/2007 09:49:09 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2007-10-05 14:12:10 ------------

Edited by IcedOut3, 04 October 2007 - 11:13 PM.


#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,582 posts
  • ONLINE
  • Gender:Male
  • Local time:01:06 AM

Posted 04 October 2007 - 11:13 PM

Just the scans I ask for, please. DSS actually includes a HJT log.

Also we prefer that you not edit your posts to add or subtract information. Just use edit for spelling and typos, otherwise it can lead to confusion.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#5 IcedOut3

IcedOut3
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:01:06 AM

Posted 04 October 2007 - 11:16 PM

Just the scans I ask for, please. DSS actually includes a HJT log.

Also we prefer that you not edit your posts to add or subtract information. Just use edit for spelling and typos, otherwise it can lead to confusion.


Oh okay, sorry about that. The logs you asked for are there.
Thanks

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,582 posts
  • ONLINE
  • Gender:Male
  • Local time:01:06 AM

Posted 05 October 2007 - 09:53 PM

It's just as well. I see no obvious signs of malware. You have a boatload of applications running, and it looks like you're adding and removing programs a lot, which makes it difficult to troubleshoot problems if it is misbehaving or misconfigured software. For example, I see you've switched from Comodo to ZoneAlarm. When was the last time you defragged and ran a disk check? Look over the following thread and see if it helps: Slow Computer/browser? Check Here First; It May Not Be Malware

Best I can tell you is to ask for help in the following forums: Windows XP Home and Professional, and Hardware.

There is a lot of good information in the DSS log that might be helpful, so I suggest linking back to this thread and letting them know you are free of malware.

Do you run a gaming server? If so, it might be a good idea to post in the Games forum.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#7 IcedOut3

IcedOut3
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:01:06 AM

Posted 10 October 2007 - 06:37 AM

I don't run any gaming servers, and I run defrags pretty regularly. I will post in the other forums and see what help I can get. Thanks for looking into the HJT log :thumbsup: appreciate it. I will also read through the links, thanks.



