Problem With Obfuskated Virus


  • This topic is locked
13 replies to this topic

#1 tristenkw5

Posted 20 April 2008 - 07:54 PM

This is my 4th time or so here, so I know this process pretty well. I did as the updated posting guide said, except I couldn't run a Kasphey or whatever scan because of some compatibility problem.

I think it may have been from an iTunes or iPod update, but somehow a virus has gotten onto my computer, claiming to get rid of other viruses. Other viruses it happened to bring along. Trojans and such. My AVG Free antivirus helped get rid of those, but the main O virus keeps popping up.

And after I restarted my computer (because it started slowing down) my desktop changed blue with yellow and white writing claiming Spyware has entered my PC and I should click here to fix it, or something to that effect. I really don't feel like typing it all, but of course I will if you really need it.

So here are the logs, please help at your convenience.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-20 19:38:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
40: 2008-04-21 00:38:29 UTC - RP243 - Deckard's System Scanner Restore Point
39: 2008-04-14 21:08:27 UTC - RP242 - System Checkpoint
38: 2008-04-13 17:48:58 UTC - RP241 - Installed iTunes
37: 2008-04-09 22:58:27 UTC - RP240 - Installed Java™ 6 Update 5
36: 2008-04-09 20:44:48 UTC - RP239 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-28 02:07:37 UTC - RP204 - Removed Zune


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:35 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Documents and Settings\All Users\Application Data\opgpwhux\mhavglkj.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
F:\Zune\ZuneLauncher.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Change Mon Ecran\CmeSystray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\EMUS\SPYWAR~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\dchehsda.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Zune Launcher] "f:\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [zglovsta] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zglovsta.dll"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKLM\..\Policies\Explorer\Run: [SMVAAlMv6g] C:\Documents and Settings\All Users\Application Data\opgpwhux\mhavglkj.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: Cme.lnk = C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Desktop Manager.lnk = F:\Program Files\DesktopMgr.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: WindowsUI.exe.lnk = C:\WINDOWS\explorer.exe
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} (Plugin Class) - http://smashmash.tv/InstallSmashMashPlugin.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121808448843
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198953485921
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/controls/iexp.../x86/iemenu.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://gamercard.xbox.com/tristenkw5.card

--
End of file - 19362 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ADMINI~1\Desktop\EMUS\SPYWAR~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20060414-180609-467 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20060414-180742-481 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20061115-205441-234 O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
backup-20061115-205441-288 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
backup-20061115-205441-501 O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20061115-205441-534 O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
backup-20061115-205441-546 O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpF02C.tmp (file missing)
backup-20061115-205441-699 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20061115-205441-766 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
backup-20061115-205441-818 O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20070619-155522-531 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
backup-20071127-170521-152 O20 - Winlogon Notify: jkkihfc - jkkihfc.dll (file missing)
backup-20071127-170521-337 O2 - BHO: (no name) - {82F3B9DB-4A23-4B2D-92F5-C866A09EC967} - C:\Program Files\MSN Gaming Zone\hokes4444.dll (file missing)
backup-20071127-170521-569 O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\jkkihfc.dll (file missing)
backup-20071127-170521-610 O2 - BHO: (no name) - {6D54537C-FB81-4DCB-94FF-B4A36E1B7F3E} - C:\WINDOWS\system32\ddcca.dll (file missing)
backup-20071127-170521-942 O2 - BHO: (no name) - {79DB6BB1-14F2-4967-A816-9395985EB2D2} - C:\Program Files\MSN Gaming Zone\hokes83122.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>

S1 oreans32 - c:\windows\system32\drivers\oreans32.sys (file missing)
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 w200bus (Sony Ericsson W200 driver (WDM)) - c:\windows\system32\drivers\w200bus.sys <Not Verified; MCCI; Sony Ericsson W200>
S3 w200mdfl (Sony Ericsson W200 USB WMC Modem Filter) - c:\windows\system32\drivers\w200mdfl.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Modem Filter Driver>
S3 w200mdm (Sony Ericsson W200 USB WMC Modem Driver) - c:\windows\system32\drivers\w200mdm.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Data Modem>
S3 w200mgmt (Sony Ericsson W200 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w200mgmt.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Device Management>
S3 w200obex (Sony Ericsson W200 USB WMC OBEX Interface) - c:\windows\system32\drivers\w200obex.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC OBEX Interface>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-15 22:25:11 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-13 02:16:03 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-22 16:34:19 424 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-20 19:20:02 110592 --a------ C:\WINDOWS\system32\jadsnmla.exe
2008-04-20 16:34:30 19200 --a------ C:\WINDOWS\stcloader.exe
2008-04-20 16:34:29 25856 --a------ C:\WINDOWS\voiceip.dll
2008-04-20 16:34:28 24832 --a------ C:\WINDOWS\swin32.dll
2008-04-20 16:34:27 20224 --a------ C:\WINDOWS\cdsm32.dll
2008-04-20 16:34:27 20736 --a------ C:\WINDOWS\bokja.exe
2008-04-20 16:34:26 31232 --a------ C:\WINDOWS\mssvr.exe
2008-04-20 16:34:25 19968 --a------ C:\WINDOWS\mspphe.dll
2008-04-20 16:34:25 24832 --a------ C:\WINDOWS\bjam.dll
2008-04-20 16:34:24 14592 --a------ C:\WINDOWS\2020search2.dll
2008-04-20 16:34:23 29440 --a------ C:\WINDOWS\2020search.dll
2008-04-20 16:34:13 16640 --a------ C:\WINDOWS\saiemod.dll
2008-04-20 16:34:12 27136 --a------ C:\WINDOWS\msapasrc.dll
2008-04-20 16:34:11 10240 --a------ C:\WINDOWS\msa64chk.dll
2008-04-20 16:34:10 14592 --a------ C:\WINDOWS\shdocpl.dll
2008-04-20 16:34:09 26368 --a------ C:\WINDOWS\shdocpe.dll
2008-04-20 16:34:09 18432 --a------ C:\WINDOWS\ntnut.exe
2008-04-20 16:34:07 31488 --a------ C:\WINDOWS\winsb.dll
2008-04-20 16:34:06 26880 --a------ C:\WINDOWS\browserad.dll
2008-04-20 16:34:06 26880 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-20 16:34:05 22272 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-20 16:34:04 20992 --a------ C:\WINDOWS\avifile32.dll
2008-04-20 16:34:04 23296 --a------ C:\WINDOWS\autodisc32.dll
2008-04-20 16:34:03 19968 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-20 16:34:03 30976 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-20 16:34:02 25856 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-20 16:34:01 12544 --a------ C:\WINDOWS\athprxy32.dll
2008-04-20 16:34:01 12032 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-20 16:34:01 19200 --a------ C:\WINDOWS\asferror32.dll
2008-04-20 16:34:00 21248 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-20 16:34:00 18688 --a------ C:\WINDOWS\apphelp32.dll
2008-04-20 15:28:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 15:23:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-20 15:23:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-20 15:22:57 0 d-------- C:\Documents and Settings\All Users\Application Data\opgpwhux
2008-04-20 15:22:49 0 d-------- C:\WINDOWS\PerfInfo
2008-04-20 15:22:49 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 15:22:45 65024 --a------ C:\Documents and Settings\All Users\Application Data\zglovsta.dll
2008-04-20 15:22:44 0 d-------- C:\Program Files\QdrModule
2008-04-20 15:22:41 192512 --a------ C:\WINDOWS\srqjajyf.dll
2008-04-20 15:22:38 65024 --a------ C:\WINDOWS\dchehsda.dll
2008-04-20 15:22:36 0 d-------- C:\Program Files\QdrDrive
2008-04-20 15:22:23 0 d-------- C:\Program Files\ISM
2008-04-20 15:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-20 15:22:20 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-20 15:22:19 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-04-20 15:22:15 0 d-------- C:\Program Files\Bat
2008-04-20 15:22:14 0 d-------- C:\Program Files\webHancer
2008-04-20 15:22:11 89515 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-20 15:22:11 89515 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-20 15:22:01 38400 --a------ C:\WINDOWS\mrofinu72.exe
2008-04-20 15:21:54 28672 --a------ C:\WINDOWS\winself.exe
2008-04-13 20:09:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Trash
2008-04-13 20:03:16 0 d-------- C:\Program Files\Trash
2008-04-13 12:57:24 0 d-------- C:\Program Files\iPod
2008-04-13 12:56:55 0 d-------- C:\Program Files\iTunes
2008-04-13 09:12:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-06 19:01:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Google
2008-04-06 19:01:06 0 d---s---- C:\Documents and Settings\NetworkService\Favorites
2008-04-05 00:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe
2008-04-03 22:20:53 0 d-------- C:\Soldat
2008-04-03 22:20:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Soldat
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 22:57:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-30 22:53:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
2008-03-30 22:52:51 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-23 18:52:39 27648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-03-23 18:52:38 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-03-23 18:51:14 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-03-23 18:50:58 0 d-------- C:\Program Files\eRightSoft
2008-03-23 16:25:01 0 d-------- C:\Program Files\Fiddler2
2008-03-23 16:23:44 0 d-------- C:\Program Files\Audiosurf
2008-03-23 15:47:45 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-03-23 15:45:48 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-21 21:56:51 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Favorites
2008-03-21 21:56:51 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Desktop
2008-03-21 21:56:51 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Cookies
2008-03-21 21:56:51 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data
2008-03-21 21:56:51 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft
2008-03-21 21:56:50 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Templates
2008-03-21 21:56:50 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Start Menu
2008-03-21 21:56:50 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\SendTo
2008-03-21 21:56:50 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Recent
2008-03-21 21:56:50 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\PrintHood
2008-03-21 21:56:50 262144 --ah----- C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT
2008-03-21 21:56:50 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\NetHood
2008-03-21 21:56:50 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\My Documents
2008-03-21 21:56:50 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Local Settings
2008-03-21 20:49:35 0 d-------- C:\Program Files\LogMeIn
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-20 19:20:37 0 d-------- C:\Program Files\lx_cats
2008-04-20 19:18:45 0 d-------- C:\Program Files\QuickTime
2008-04-20 17:03:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-09 19:52:52 0 d-------- C:\Program Files\DivX
2008-04-09 18:03:28 0 d-------- C:\Program Files\Java
2008-04-06 15:59:13 0 d-------- C:\Program Files\LimeWire
2008-03-30 22:52:51 0 d-------- C:\Program Files\Common Files
2008-03-25 18:05:21 0 d-------- C:\Program Files\BitComet
2008-03-23 20:10:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-19 14:00:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-14 23:46:18 0 d-------- C:\Program Files\CDisplay
2008-02-29 23:18:34 0 d-------- C:\Program Files\Google
2008-02-29 23:09:38 0 d-------- C:\Program Files\Windows Live
2008-02-29 23:08:36 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 19:06:09 0 d-------- C:\Program Files\Bonjour
2008-02-27 21:33:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\MySpace
2008-02-27 21:32:57 0 d-------- C:\Program Files\MySpace
2008-02-26 01:37:03 57952 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-26 00:45:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\hott notes 4
2008-02-26 00:44:54 0 d-------- C:\Program Files\hott notes 4
2008-02-26 00:26:42 0 d-------- C:\Program Files\WordToys
2008-02-25 22:39:54 1891 --a------ C:\WINDOWS\mozver.dat
2008-02-22 19:19:20 0 d-------- C:\Program Files\GIMP-2.0
2008-02-22 16:01:15 0 d-------- C:\Program Files\Norton Security Scan
2008-02-21 22:49:40 0 d-------- C:\Program Files\AIM6
2008-02-21 22:48:29 0 d-------- C:\Program Files\Viewpoint
2008-02-07 16:15:06 408576 --a------ C:\WINDOWS\system32\Smab.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
12/17/2007 11:24 PM 1502232 --a------ C:\Program Files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]
04/20/2008 03:22 PM 65024 --a------ C:\WINDOWS\dchehsda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
03/07/2008 09:15 PM 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
04/03/2008 03:05 PM 147456 --a------ C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
10/11/2007 01:49 PM 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
12/06/2007 12:58 PM 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [12/17/2007 11:24 PM 1502232]

[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/24/2007 09:33 PM]
"SoundMan"="SOUNDMAN.EXE" [04/28/2004 05:19 PM C:\WINDOWS\soundman.exe]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 04:52 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 08:40 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [06/25/2007 09:34 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [06/25/2007 09:34 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [06/25/2007 09:35 AM]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 12:27 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [04/04/2007 02:01 AM]
"Pepsi Volume Controller 3.0"="C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe" [04/08/2006 02:56 AM]
"Zune Launcher"="f:\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"runner1"="C:\WINDOWS\mrofinu72.exe" [04/20/2008 03:22 PM]
"zglovsta"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\zglovsta.dll" []
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [10/11/2007 01:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"GoGoTray.exe"="C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe" [01/30/2005 12:50 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/05/2007 06:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/16/2005 10:18 AM]
"Aim6"="" []
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 05:05 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [4/20/2008 3:22:07 PM]
Cme.lnk - C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe [11/19/2007 5:20:01 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 5:05:02 PM]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [6/1/2005 2:41:18 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 2:43:08 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - F:\Program Files\DesktopMgr.exe [9/7/2006 12:53:02 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [6/20/2007 6:31:03 PM]
WindowsUI.exe.lnk - C:\WINDOWS\explorer.exe [2/16/2005 10:18:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"SMVAAlMv6g"=C:\Documents and Settings\All Users\Application Data\opgpwhux\mhavglkj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4de814-dd88-11dc-9c24-00402b27ca99}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c85a35df-b961-11dc-9c07-00402b27ca99}]
AutoRun\command- G:\wd_windows_tools\setup.exe


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 1.70GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 637.98 MiB / 150.61 MiB
Pagefile Memory (total/avail): 793.34 MiB / 302.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 7.67 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 37.27 GiB total, 15.64 GiB free.

\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi Connector USB"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\WINDOWS\\WindowsUI.exe"="C:\\WINDOWS\\WINDOWS\\WindowsUI.exe:*:Enabled:WindowsUI"
"C:\\WINDOWS\\system32\\lxcycoms.exe"="C:\\WINDOWS\\system32\\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Trash\\Trash.exe"="C:\\Program Files\\Trash\\Trash.exe:*:Enabled:Trash"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARY-1
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LANG=C
LOGONSERVER=\\MARY-1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcedir=C:\WINDOWS\Downloaded Installations\{649263F3-32A6-4A9D-9028-E6B8EAF8F529}\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=MARY-1
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

LogMeInRemoteUser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\BZEdit1.6.5\uninstall.exe"
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.01.12 --> MsiExec.exe /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Armagetron Advanced 0.2.8.2.1.gcc --> C:\Documents and Settings\Administrator\Desktop\EMUS\Games\Tron\Armagetron Advanced\uninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audiosurf Beta --> "C:\Program Files\Audiosurf\unins000.exe"
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
BitComet 0.67 --> C:\Program Files\BitComet\uninst.exe
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
bowWii Screen Saver --> C:\WINDOWS\system32\bowWii.scr /u
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
CCleaner (remove only) --> "C:\Documents and Settings\ADMINI~1\Desktop\EMUS\Spyware and virus downloads\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Change Mon Ecran V2.0 --> C:\Program Files\Change Mon Ecran\Cme-Desinstallation.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Corona Visualization Plug-in for WMP --> MsiExec.exe /I{6C3CE73B-E7B8-4979-8740-1476C5CBDEBA}
coverimage1024 Wallpaper --> C:\WINDOWS\WEB\Wallpaper\coverimage1024 dir\uninstall.exe
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
dBpoweramp Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpowerAMP WMA V9.1 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Disc2Phone --> MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
Fiddler2 (remove only) --> "C:\Program Files\Fiddler2\uninst.exe"
Fighter Factory 1.0.12.2005 (Update Pack 3) --> "C:\Documents and Settings\Administrator\Desktop\EMUS\Games\Mugen\index\Mugen+MT3(KiKi)\work\Tools\Fighter Factory\unins000.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Free Ipod Video Converter V 2.4 --> "C:\Program Files\BitComet\Downloads\Ipod Video Converter\unins000.exe"
Free Video to iPod Converter version 2.4 --> "C:\Program Files\BitComet\Downloads\Free Video to iPod Converter\unins000.exe"
Freecorder Toolbar --> C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
Freecorder Toolbar 3.0 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
GCalc 3 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://gcalc.net/jar/gcalc3.jnlp"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GGXtrial --> C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\CYBERFRONT\GGXtrial\Uninst.isu"
GoGoData Toolbar 3.0.1 --> C:\PROGRA~1\GoGoData.com\GOGODA~1\Setup.exe /remove
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ 2.8.18-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
GUILTY GEAR X2 #RELOAD --> MsiExec.exe /I{6984297D-54B4-47F2-B160-D40C305756AF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hott notes 4 --> C:\Program Files\hott notes 4\uninst.exe
hp deskjet 3320 series (Remove only) --> C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
iDump (Backing up your iPod) --> C:\Program Files\iDump\uninstall.exe
IGN Download Manager 2.3.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet ScreenSaver Builder --> "C:\Program Files\XemiComputers\Internet ScreenSaver Builder\unins000.exe"
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jetAudio Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
MAGIX Ringtone Maker 2 silver (US) --> F:\MAGIX\Ringtone_Maker_2_silver\instslct.exe
MAME32k (remove only) --> "C:\Documents and Settings\Administrator\Desktop\EMUS\MAME\Online\MAME32k\uninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MOBILedit! 2.3 --> RunDll32 C:\PROGRA~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
MOSWorkshop --> C:\WINDOWS\uninst.exe -f"c:\documents and settings\administrator\desktop\emus\games\mugen\index\mugen+mt3(kiki)\work\tools\mosw1007\DeIsL1.isu" -c"c:\documents and settings\administrator\desktop\emus\games\mugen\index\mugen+mt3(kiki)\work\tools\mosw1007\_ISREG32.DLL"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone Gold 3.17 --> "F:\AnMing\unins000.exe"
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Ovation --> MsiExec.exe /I{85E6BACC-C8B2-49DD-A28B-6318E516E0CF}
Ovation --> MsiExec.exe /I{DDCC4FB0-3C82-494F-9376-66E5F1486358}
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pepsi Volume Controller 3.0 --> "C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\unins000.exe"
PhanTim3 --> "C:\Program Files\PhanTim3\Uninstall.exe"
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RM Converter 4.12 --> "C:\Program Files\RM Converter\unins000.exe"
Rumble Box Tournament Edition --> C:\Program Files\Rumble Box\uninst.exe
SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Screensaver_Game_1024x768 --> C:\WINDOWS\system32\Screensaver_Game_1024x768.scr /u
Search Settings --> MsiExec.exe /X{90529245-9C54-45B5-BBB3-B180CA04F248}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Soldat 1.4.2 --> "C:\Soldat\unins000.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{52D44F93-8FA9-4945-A817-0E98669CCE03}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPER ゥ Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
The GIMP 2.2.11 --> "C:\Program Files\GIMP-2.0\unins000.exe"
The MDickie Show (Demo) --> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\EMUS\GAMES\MDICKIE\SHOW\Uninstal.exe
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Trash (remove only) --> "C:\Program Files\Trash\uninstall.exe"
Twins video to iPod-Zune-PSP-3GP 1.0 --> "F:\Twins video to iPod-Zune-PSP-3GP\unins000.exe"
UltimateZip 2.7 --> "C:\Program Files\UltimateZip 2.7\unins000.exe"
upapp --> MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
陽射しの中のリアル --> C:\Documents and Settings\Administrator\Desktop\EMUS\Videos\GBA\New Folder (6)\New Folder (7)\New Folder (6)\New Folder\陽射しの中のリアル\_uninst.exe JHHKIOMLICLFICMMJCIGICMMIDIKIDEBIDIL
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{1A40B327-2F18-4DC6-894F-C9050321B5CB}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vitalize! --> C:\Program Files\Common Files\Vitalize\Uninstal.exe
Vox Proxy --> MsiExec.exe /I{98A2EDE2-FDA6-11D4-857B-0040F68C9D72}
webHancer Customer Companion --> C:\Program Files\webHancer\Programs\whInstaller.exe -uninstall
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Converter 2.0 --> C:\Program Files\WM Converter\Uninstal.exe
WordToys --> C:\WINDOWS\Inf\WtUninst.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3376 / Error
Event Submitted/Written: 04/17/2008 11:56:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x605338a8.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type3371 / Error
Event Submitted/Written: 04/17/2008 06:44:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DeepBurner.exe, version 1.8.0.224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3324 / Error
Event Submitted/Written: 04/13/2008 07:56:12 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3321 / Error
Event Submitted/Written: 04/13/2008 06:13:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3269 / Success
Event Submitted/Written: 04/11/2008 10:06:08 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40483 / Error
Event Submitted/Written: 04/20/2008 07:19:46 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
oreans32

Event Record #/Type40478 / Warning
Event Submitted/Written: 04/20/2008 05:04:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type40473 / Error
Event Submitted/Written: 04/20/2008 03:20:14 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type40472 / Error
Event Submitted/Written: 04/20/2008 02:31:03 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type40471 / Error
Event Submitted/Written: 04/20/2008 02:26:48 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk2\D.



-- End of Deckard's System Scanner: finished at 2008-04-20 19:45:05 ------------





#2 annabackwards


Posted 01 May 2008 - 05:58 AM

Hello tristenkw5,

I am currently studying your log and will be back to you as soon as possible.

During this time, you could do a few things that would be highly appreciated.
1. Please do not make any system changes as any changes you make may well alter your log.
2. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
3. Please reply to this thread, do not start a new topic as it will make things much easier.

Thank you for your patience,
Anna

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#3 tristenkw5

tristenkw5
  • Topic Starter


Posted 01 May 2008 - 04:00 PM

Thank you for the help. Although, you might have wanted to tell me number 1 a couple of weeks ago lol. I might have made changes since then.

#4 annabackwards


Posted 04 May 2008 - 03:29 AM

Hello, tristenkw5.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

"And after I restarted my computer (because it started slowing down) my desktop changed blue with yellow and white writing claiming Spyware has entered my PC and I should click here to fix it, or something to that effect. I really don't feel like typing it all, but of course I will if you really need it."

Webhancer is a likely culprit of this and as such I suggest its removal.

Please click here. It will take you to a page with instructions on how to remove Webhancer.

Then,

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


Afterwards, please post a new DSS log and the SDFix log. Also tell me of any problems that you have encountered.

#5 tristenkw5

tristenkw5
  • Topic Starter


Posted 04 May 2008 - 04:39 PM

Ask and I shall obey. By the way, do you think it would be safe to put my personal info into the computer right now? I need to sign up for my SATs as soon as possible, and I was waiting until the virus was gone as there are credit card numbers involved.

Also, another problem popped up since my first post I forgot to mention. Whenever I try to search for something in something such as Yahoo or Google, I always get redirected to another page at least once when I go to the different results.


Anyway, the logs.


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-04 16:32:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:00 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
F:\Zune\ZuneLauncher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Change Mon Ecran\CmeSystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\EMUS\SPYWAR~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\dchehsda.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Zune Launcher] "f:\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zglovsta] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zglovsta.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: Cme.lnk = C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Desktop Manager.lnk = F:\Program Files\DesktopMgr.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: WindowsUI.exe.lnk = C:\WINDOWS\explorer.exe
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} (Plugin Class) - http://smashmash.tv/InstallSmashMashPlugin.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121808448843
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198953485921
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/controls/iexp.../x86/iemenu.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17263 bytes

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 14:12:40 0 d-------- C:\WINDOWS\ERUNT
2008-05-02 15:48:19 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-01 18:11:37 102400 --a------ C:\WINDOWS\system32\popijcjc.exe
2008-04-28 17:21:43 0 d-------- C:\Program Files\Svconr
2008-04-24 16:49:35 0 d-------- C:\Program Files\iPod
2008-04-22 23:10:13 0 d-------- C:\Program Files\Noitu Love 2
2008-04-20 15:28:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 15:23:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-20 15:23:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-20 15:22:57 0 d-------- C:\Documents and Settings\All Users\Application Data\opgpwhux
2008-04-20 15:22:49 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 15:22:45 65024 --a------ C:\Documents and Settings\All Users\Application Data\zglovsta.dll
2008-04-20 15:22:38 65024 --a------ C:\WINDOWS\dchehsda.dll
2008-04-20 15:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-20 15:22:20 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-20 15:22:15 0 d-------- C:\Program Files\Bat
2008-04-13 20:09:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Trash
2008-04-13 20:03:16 0 d-------- C:\Program Files\Trash
2008-04-13 12:56:55 0 d-------- C:\Program Files\iTunes
2008-04-13 09:12:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-06 19:01:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Google
2008-04-06 19:01:06 0 d---s---- C:\Documents and Settings\NetworkService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-05-04 09:15:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-03 18:43:24 0 d-------- C:\Program Files\LimeWire
2008-05-02 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-04-29 22:33:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-26 14:05:50 0 d-------- C:\Program Files\BitComet
2008-04-20 19:20:37 0 d-------- C:\Program Files\lx_cats
2008-04-20 19:18:45 0 d-------- C:\Program Files\QuickTime
2008-04-09 19:52:52 0 d-------- C:\Program Files\DivX
2008-04-09 18:03:28 0 d-------- C:\Program Files\Java
2008-04-03 22:20:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Soldat
2008-04-02 19:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivXョ>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivXョ>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivXョ>
2008-03-30 22:57:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-30 22:53:02 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-30 22:52:51 0 d-------- C:\Program Files\Common Files
2008-03-23 20:10:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-23 18:50:58 0 d-------- C:\Program Files\eRightSoft
2008-03-23 16:38:41 0 d-------- C:\Program Files\Audiosurf
2008-03-23 16:25:02 0 d-------- C:\Program Files\Fiddler2
2008-03-23 15:47:17 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-22 13:16:36 0 d-------- C:\Program Files\LogMeIn
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 14:00:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-14 23:46:18 0 d-------- C:\Program Files\CDisplay
2008-02-26 01:37:03 57952 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-25 22:39:54 1891 --a------ C:\WINDOWS\mozver.dat
2008-02-07 16:15:06 408576 --a------ C:\WINDOWS\system32\Smab.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
12/17/2007 11:24 PM 1502232 --a------ C:\Program Files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]
04/20/2008 03:22 PM 65024 --a------ C:\WINDOWS\dchehsda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
03/07/2008 09:15 PM 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{847B6838-BFB6-40a1-8888-736928099059}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
12/06/2007 12:58 PM 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [12/17/2007 11:24 PM 1502232]

[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/21/2008 07:27 PM]
"SoundMan"="SOUNDMAN.EXE" [04/28/2004 05:19 PM C:\WINDOWS\soundman.exe]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 04:52 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 08:40 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [06/25/2007 09:34 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [06/25/2007 09:34 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [06/25/2007 09:35 AM]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 12:27 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [04/04/2007 02:01 AM]
"Pepsi Volume Controller 3.0"="C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe" [04/08/2006 02:56 AM]
"Zune Launcher"="f:\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"zglovsta"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\zglovsta.dll" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"GoGoTray.exe"="C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe" [01/30/2005 12:50 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/05/2007 06:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/16/2005 10:18 AM]
"Aim6"="" []
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 05:05 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [4/20/2008 3:22:07 PM]
Cme.lnk - C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe [11/19/2007 5:20:01 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 5:05:02 PM]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [6/1/2005 2:41:18 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 2:43:08 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - F:\Program Files\DesktopMgr.exe [9/7/2006 12:53:02 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [6/20/2007 6:31:03 PM]
WindowsUI.exe.lnk - C:\WINDOWS\explorer.exe [2/16/2005 10:18:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4de814-dd88-11dc-9c24-00402b27ca99}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c85a35df-b961-11dc-9c07-00402b27ca99}]
AutoRun\command- G:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-05-04 16:33:58 ------------






SDFix: Version 1.179
Run by Administrator on Sun 05/04/2008 at 02:22 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
C:\WINDOWS\winself.exe service

MsSecurity1.209.4 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\mgwwgmke\1.png - Deleted
C:\WINDOWS\mgwwgmke\2.png - Deleted
C:\WINDOWS\mgwwgmke\3.png - Deleted
C:\WINDOWS\mgwwgmke\4.png - Deleted
C:\WINDOWS\mgwwgmke\5.png - Deleted
C:\WINDOWS\mgwwgmke\6.png - Deleted
C:\WINDOWS\mgwwgmke\7.png - Deleted
C:\WINDOWS\mgwwgmke\8.png - Deleted
C:\WINDOWS\mgwwgmke\9.png - Deleted
C:\WINDOWS\mgwwgmke\bottom-rc.gif - Deleted
C:\WINDOWS\mgwwgmke\config.png - Deleted
C:\WINDOWS\mgwwgmke\content.png - Deleted
C:\WINDOWS\mgwwgmke\download.gif - Deleted
C:\WINDOWS\mgwwgmke\frame-bg.gif - Deleted
C:\WINDOWS\mgwwgmke\frame-bottom-left.gif - Deleted
C:\WINDOWS\mgwwgmke\frame-h1bg.gif - Deleted
C:\WINDOWS\mgwwgmke\head.png - Deleted
C:\WINDOWS\mgwwgmke\icon.png - Deleted
C:\WINDOWS\mgwwgmke\indexwp.html - Deleted
C:\WINDOWS\mgwwgmke\main.css - Deleted
C:\WINDOWS\mgwwgmke\memory-prots.png - Deleted
C:\WINDOWS\mgwwgmke\net.png - Deleted
C:\WINDOWS\mgwwgmke\pc.gif - Deleted
C:\WINDOWS\mgwwgmke\pc-mag.gif - Deleted
C:\WINDOWS\mgwwgmke\poloska1.png - Deleted
C:\WINDOWS\mgwwgmke\poloska2.png - Deleted
C:\WINDOWS\mgwwgmke\poloska3.png - Deleted
C:\WINDOWS\mgwwgmke\promowp1.html - Deleted
C:\WINDOWS\mgwwgmke\promowp2.html - Deleted
C:\WINDOWS\mgwwgmke\promowp3.html - Deleted
C:\WINDOWS\mgwwgmke\promowp4.html - Deleted
C:\WINDOWS\mgwwgmke\promowp5.html - Deleted
C:\WINDOWS\mgwwgmke\reg.png - Deleted
C:\WINDOWS\mgwwgmke\repair.png - Deleted
C:\WINDOWS\mgwwgmke\scr-1.png - Deleted
C:\WINDOWS\mgwwgmke\scr-2.png - Deleted
C:\WINDOWS\mgwwgmke\start.png - Deleted
C:\WINDOWS\mgwwgmke\styles.css - Deleted
C:\WINDOWS\mgwwgmke\top-rc.gif - Deleted
C:\WINDOWS\mgwwgmke\vline.gif - Deleted
C:\WINDOWS\mgwwgmke\wp.png - Deleted
C:\WINDOWS\PerfInfo\SMVAAlMv6gwp.exe - Deleted
C:\Program Files\ISM\ism.exe - Deleted
C:\Program Files\ISM\Uninstall.exe - Deleted
C:\Program Files\QdrDrive\QdrDrive15.dll - Deleted
C:\Program Files\QdrDrive\qdrloader.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\QdrPack15.exe - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\b156.exe - Deleted
C:\WINDOWS\mrofinu72.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\123messenger.per - Deleted
C:\WINDOWS\2020search.dll - Deleted
C:\WINDOWS\2020search2.dll - Deleted
C:\WINDOWS\apphelp32.dll - Deleted
C:\WINDOWS\asferror32.dll - Deleted
C:\WINDOWS\asycfilt32.dll - Deleted
C:\WINDOWS\athprxy32.dll - Deleted
C:\WINDOWS\ati2dvaa32.dll - Deleted
C:\WINDOWS\ati2dvag32.dll - Deleted
C:\WINDOWS\audiosrv32.dll - Deleted
C:\WINDOWS\autodisc32.dll - Deleted
C:\WINDOWS\avifile32.dll - Deleted
C:\WINDOWS\avisynthex32.dll - Deleted
C:\WINDOWS\aviwrap32.dll - Deleted
C:\WINDOWS\bjam.dll - Deleted
C:\WINDOWS\bokja.exe - Deleted
C:\WINDOWS\browserad.dll - Deleted
C:\WINDOWS\cdsm32.dll - Deleted
C:\WINDOWS\changeurl_30.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\didduid.ini - Deleted
C:\WINDOWS\licencia.txt - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msa64chk.dll - Deleted
C:\WINDOWS\msapasrc.dll - Deleted
C:\WINDOWS\mspphe.dll - Deleted
C:\WINDOWS\mssvr.exe - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\ntnut.exe - Deleted
C:\WINDOWS\saiemod.dll - Deleted
C:\WINDOWS\shdocpe.dll - Deleted
C:\WINDOWS\shdocpl.dll - Deleted
C:\WINDOWS\stcloader.exe - Deleted
C:\WINDOWS\swin32.dll - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted
C:\WINDOWS\telefonos.txt - Deleted
C:\WINDOWS\textos.txt - Deleted
C:\WINDOWS\voiceip.dll - Deleted
C:\WINDOWS\winsb.dll - Deleted
C:\WINDOWS\winself.exe - Deleted



Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\ISM - Removed
Folder C:\Program Files\QdrDrive - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\WINDOWS\PerfInfo - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 16:16:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2f8978ca
"s1"=dword:598dcd77
"s2"=dword:2d514423

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi Connector USB"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\WINDOWS\\WindowsUI.exe"="C:\\WINDOWS\\WINDOWS\\WindowsUI.exe:*:Enabled:WindowsUI"
"C:\\WINDOWS\\system32\\lxcycoms.exe"="C:\\WINDOWS\\system32\\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Trash\\Trash.exe"="C:\\Program Files\\Trash\\Trash.exe:*:Enabled:Trash"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 24 Oct 2005 56 A.SH. --- "C:\redir.sys"
Sun 3 Jun 2012 1,537 A.SH. --- "C:\WINDOWS\page files\maxmeg.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 20 Jul 2005 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Fri 2 May 2008 25,600 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL2833.tmp"
Tue 25 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Thu 13 Mar 2008 13,824 A.SHR --- "C:\Program Files\eRightSoft\SUPER\DXdump.exe"
Sun 23 Mar 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 14 Apr 2006 70,144 ..SHR --- "C:\Program Files\GoGoData.com\GoGoData Toolbar\Setup.exe"
Tue 18 Jan 2005 23,040 A.SHR --- "C:\Program Files\GoGoData.com\GoGoData Toolbar\_Setupx.dll"
Sun 30 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"

Finished!

Edited by tristenkw5, 04 May 2008 - 05:21 PM.


#6 annabackwards

Posted 07 May 2008 - 01:25 AM

Hello tristenkw5,

do you think it would be safe to put my personal info into the computer right now? I need to sign up for my SATs as soon as possible, and I was waiting until the virus was gone as there are credit card numbers involved.

I would say that it would be alright to use your computer for those purposes if it cannot be helped. Your computer does not seem to be infected by malware with backdoor capabilities.

My general definition for backdoors is malware with the ability to perform actions in the background at the command of an external user without your knowledge. It can therefore access sensitive information such as your passwords and usernames, and most importantly, your credit card details.

I would therefore suggest using another computer if possible; one belonging to family or a friend, or even a public library computer, will do. It would also be wise to change ALL your on-line passwords for email, banks, financial accounts, PayPal, eBay, on-line companies, and any on-line forums or groups you belong to, from another clean computer if possible. :blink:

Also, another problem popped up since my first post I forgot to mention. Whenever I try to search for something in something such as Yahoo or Google, I always get redirected to another page at least once when I go to the different results.

That problem will very likely desist when your computer is clean ^^

Please be patient with me while I look at your logs, I'll reply as soon as possible :thumbsup:

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#7 annabackwards

Posted 11 May 2008 - 06:10 AM

Hello Tristenkw5,

I'm sorry for the delay :thumbsup:

Please go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

-----------------------------------------------------------

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case Limewire). These programs allow users to share files, as the name(s) suggest. In today's world cyber crime has reached enormous dimensions, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

I therefore strongly suggest removing Limewire, especially since it is probably the reason you are infected in the first place :blink:

-----------------------------------------------------------

Please go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present (Limewire is recommended but optional).
  • Bat
  • Internet Speed Monitor
  • webHancer Customer Companion
  • LimeWire 4.16.6
  • Ewido anti-malware->> it is an outdated program
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\dchehsda.dll
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [zglovsta] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zglovsta.dll"
O16 - DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} (Plugin Class) - http://smashmash.tv/InstallSmashMashPlugin.exe
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/controls/iexp.../x86/iemenu.cab
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete these files:

C:\redir.sys
C:\WINDOWS\page files\maxmeg.sys
C:\WINDOWS\dchehsda.dll
C:\Documents and Settings\All Users\Application Data\zglovsta.dll


And these folders:

C:\Program Files\Bat
C:\Program Files\Search Settings
C:\Program Files\ISM
C:\Program Files\webHancer


As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click "Continue".
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Next, please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now, Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please then click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Remember to post all the logs that I requested. Also, please let me know of any problems you may have encountered.

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox
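
An added example, not part of the original post or of HijackThis itself: a small Python parser for the HijackThis lines listed in the post above. It normalizes each CLSID so it can be matched against other logs regardless of case, and tags entries with simple review heuristics. The flag names and heuristics are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied verbatim from the fix list in the post above.
SAMPLE = r'''
O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\dchehsda.dll
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [zglovsta] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zglovsta.dll"
O16 - DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} (Plugin Class) - http://smashmash.tv/InstallSmashMashPlugin.exe
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/controls/iexp.../x86/iemenu.cab
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
'''

# What each HijackThis section in the sample refers to.
SECTION_NAMES = {
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O16": "Downloaded Program Files (ActiveX)",
    "O22": "SharedTaskScheduler",
}

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: Optional[str]
    target: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None if it is not an 'O<n> - ...' line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid_m = CLSID_RE.search(rest)
    # Upper-case the CLSID: logs print the same GUID in mixed case.
    clsid = clsid_m.group(0).upper() if clsid_m else None

    if section == "O4":                      # "[value name] command line"
        nm = re.match(r"\[([^\]]*)\]\s*(.*)$", rest)
        name, target = (nm.group(1), nm.group(2)) if nm else ("", rest)
    elif section == "O16":                   # "{CLSID} (name) - codebase URL"
        left, _, target = rest.partition(" - ")
        nm = re.search(r"\(([^)]*)\)\s*$", left)
        name = nm.group(1) if nm else ""
    else:                                    # "name - {CLSID} - path"
        parts = rest.split(" - ", 2)
        name = parts[0]
        target = parts[2] if len(parts) == 3 else ""

    entry = Entry(section, kind, name, clsid, target)
    if name == "(no name)":
        entry.flags.append("unnamed")
    if MISSING_RE.search(target):
        # Registry entry whose file is gone: a leftover to clean up.
        entry.flags.append("orphan")
        entry.target = MISSING_RE.sub("", target)
    if section == "O4" and target.lower().startswith("regsvr32"):
        entry.flags.append("regsvr32-autostart")
    if section == "O16" and target.lower().startswith("http://"):
        entry.flags.append("http-codebase")
    return entry


def triage(text: str) -> List[Entry]:
    """Parse every recognisable line in a pasted fix list."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def with_flag(entries: List[Entry], flag: str) -> List[Entry]:
    return [e for e in entries if flag in e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        label = SECTION_NAMES.get(e.section, e.section)
        print(f"{label:45} {e.clsid or '-':40} {','.join(e.flags) or '-'}")
```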

#8 tristenkw5

Posted 11 May 2008 - 10:16 PM

Thanks, I appreciate any help I can get, so don't worry about the delay. I only use Limewire as an extreme last resort, which means I don't use it often, but I am aware of its threats. I check all the files I get from it. As for problems, there weren't any worth mentioning. I had to stop the Search Settings process before I could delete its files, which took a sec to figure out, but otherwise all good.

Your requested logs....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2008 at 09:39 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 02:48:58

Memory items scanned : 664
Memory threats detected : 0
Registry items scanned : 6290
Registry threats detected : 43
File items scanned : 102969
File threats detected : 38

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{107A7B48-A430-42fa-8C8F-DD050E0210F9}
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}#AppID
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\Implemented Categories
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\InprocServer32
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\InprocServer32#ThreadingModel
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\ProgID
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\TypeLib
HKCR\CLSID\{107A7B48-A430-42FA-8C8F-DD050E0210F9}\VersionIndependentProgID
C:\PROGRAM FILES\QDRDRIVE\QDRDRIVE15.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{107A7B48-A430-42fa-8C8F-DD050E0210F9}
HKU\S-1-5-21-299502267-606747145-725345543-500\Software\Microsoft\Internet Explorer\Explorer Bars\{107A7B48-A430-42FA-8C8F-DD050E0210F9}

Adware.WebHancer
HKLM\Software\WebHancer
HKLM\Software\WebHancer#BaseDir
HKLM\Software\WebHancer\CC
HKLM\Software\WebHancer\CC#DistTag
HKLM\Software\WebHancer\CC#id
C:\DECKARD\SYSTEM SCANNER\20080504163239\BACKUP\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSWCC32.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050531.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050533.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050534.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP256\A0050732.EXE

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#INITSTARTFAILED
C:\!KILLBOX\OREANS32.SYS

Adware.AdSponsor/ISM
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Speed Monitor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP243\A0045955.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050550.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050624.EXE

Adware.Tracking Cookie
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@2o7[1].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@accounts[2].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@advertising[2].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@ehg-globalgamingleague.hitbox[2].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@hitbox[2].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@overture[1].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@revsci[1].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@richmedia.yahoo[1].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@server.cpmstar[2].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@trafficmp[2].txt
C:\Deckard\System Scanner\20080504163239\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cookies\administrator@videoegg.adbureau[2].txt

Trojan.Unclassified-Packed/Suspicious
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\EMUS\SPYWARE AND VIRUS DOWNLOADS\HIJACKTHIS\BACKUPS\BACKUP-20080511-174816-203.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP256\A0050735.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP256\A0050736.DLL

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\OPGPWHUX\MHAVGLKJ.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\TTC-4444.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP249\A0047430.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050551.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050607.EXE

Adware.k8l
C:\PROGRAM FILES\PAGE.HTML
C:\PROGRAM FILES\WINDOWS NT\PROFSYBYPR.HTML

Rogue.WinPerformance
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050545.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP254\A0050628.EXE

Trojan.Dropper/Multi-MBAD
C:\WINDOWS\MOTA113.EXE

Trojan.DropGen/SmallLoad
C:\WINDOWS\SYSTEM32\POPIJCJC.EXE




Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-11 22:07:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-05-12 03:07:21 UTC - RP266 - Deckard's System Scanner Restore Point
44: 2008-05-11 23:46:16 UTC - RP265 - Installed SUPERAntiSpyware Free Edition
43: 2008-05-11 23:38:36 UTC - RP264 - Installed Java™ 6 Update 6
42: 2008-05-11 23:29:05 UTC - RP263 - Removed Java™ SE Runtime Environment 6 Update 1
41: 2008-05-11 23:27:48 UTC - RP262 - Removed Java™ SE Runtime Environment 6


-- First Restore Point --
1: 2008-03-01 01:34:43 UTC - RP222 - Software Distribution Service 3.0


Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:48 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
F:\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Change Mon Ecran\CmeSystray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\EMUS\SPYWAR~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Zune Launcher] "f:\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Cme.lnk = C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Desktop Manager.lnk = F:\Program Files\DesktopMgr.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: WindowsUI.exe.lnk = C:\WINDOWS\explorer.exe
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121808448843
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198953485921
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://gamercard.xbox.com/tristenkw5.card

--
End of file - 16302 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ADMINI~1\Desktop\EMUS\SPYWAR~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20060414-180609-467 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20060414-180742-481 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20061115-205441-234 O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
backup-20061115-205441-288 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
backup-20061115-205441-501 O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20061115-205441-534 O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
backup-20061115-205441-546 O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpF02C.tmp (file missing)
backup-20061115-205441-699 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20061115-205441-766 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
backup-20061115-205441-818 O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20070619-155522-531 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
backup-20071127-170521-152 O20 - Winlogon Notify: jkkihfc - jkkihfc.dll (file missing)
backup-20071127-170521-337 O2 - BHO: (no name) - {82F3B9DB-4A23-4B2D-92F5-C866A09EC967} - C:\Program Files\MSN Gaming Zone\hokes4444.dll (file missing)
backup-20071127-170521-569 O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\jkkihfc.dll (file missing)
backup-20071127-170521-610 O2 - BHO: (no name) - {6D54537C-FB81-4DCB-94FF-B4A36E1B7F3E} - C:\WINDOWS\system32\ddcca.dll (file missing)
backup-20071127-170521-942 O2 - BHO: (no name) - {79DB6BB1-14F2-4967-A816-9395985EB2D2} - C:\Program Files\MSN Gaming Zone\hokes83122.dll (file missing)
backup-20080511-174816-203 O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\dchehsda.dll
backup-20080511-174816-215 O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
backup-20080511-174816-435 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080511-174816-610 O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
backup-20080511-174817-137 O16 - DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} (Plugin Class) - http://smashmash.tv/InstallSmashMashPlugin.exe
backup-20080511-174817-314 O4 - HKLM\..\Run: [zglovsta] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zglovsta.dll"
backup-20080511-174819-362 O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/controls/iexp.../x86/iemenu.cab
backup-20080511-174820-451 O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 w200bus (Sony Ericsson W200 driver (WDM)) - c:\windows\system32\drivers\w200bus.sys <Not Verified; MCCI; Sony Ericsson W200>
S3 w200mdfl (Sony Ericsson W200 USB WMC Modem Filter) - c:\windows\system32\drivers\w200mdfl.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Modem Filter Driver>
S3 w200mdm (Sony Ericsson W200 USB WMC Modem Driver) - c:\windows\system32\drivers\w200mdm.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Data Modem>
S3 w200mgmt (Sony Ericsson W200 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w200mgmt.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Device Management>
S3 w200obex (Sony Ericsson W200 USB WMC OBEX Interface) - c:\windows\system32\drivers\w200obex.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC OBEX Interface>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 804)
2005-02-16 10:18:56 1101824 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2005-02-16 10:18:56 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1064)
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1356)
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 1229824 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1404)
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 196)
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 388096 --a------ C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 231936 --a------ C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 437248 --a------ C:\WINDOWS\system32\webcheck.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 147456 --a------ C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 28672 --a------ C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-12-22 00:48:14 49152 -----n--- C:\Program Files\GoGoData.com\GoGoData Toolbar\gogohook.dll
2003-10-07 04:41:56 81920 --a------ C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll <Not Verified; Motive Communications, Inc.; Motive System>
2007-03-18 17:04:22 69632 --a------ C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
2006-05-21 02:43:08 65536 --a------ C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
2005-02-16 10:18:56 666112 --a------ C:\WINDOWS\system32\shdoclc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1424)
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 2704)
2007-10-25 22:36:51 12867072 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-19 17:59:59 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-16 10:18:56 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-04 02:16:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-02 15:40:59 424 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-02 13:58:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 18:46:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 18:46:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 18:46:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-11 18:38:45 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 14:12:40 0 d-------- C:\WINDOWS\ERUNT
2008-05-02 15:48:19 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-28 17:21:43 0 d-------- C:\Program Files\Svconr
2008-04-24 16:49:35 0 d-------- C:\Program Files\iPod
2008-04-22 23:10:13 0 d-------- C:\Program Files\Noitu Love 2
2008-04-20 15:28:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 15:23:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-20 15:23:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-20 15:22:57 0 d-------- C:\Documents and Settings\All Users\Application Data\opgpwhux
2008-04-20 15:22:49 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 15:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-20 15:22:20 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-13 20:09:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Trash
2008-04-13 20:03:16 0 d-------- C:\Program Files\Trash
2008-04-13 12:56:55 0 d-------- C:\Program Files\iTunes
2008-04-13 09:12:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-05-11 21:41:39 0 d-------- C:\Program Files\Windows NT
2008-05-11 18:45:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 18:39:55 0 d-------- C:\Program Files\Java
2008-05-11 18:38:45 0 d-------- C:\Program Files\Common Files
2008-05-05 21:43:44 0 d-------- C:\Program Files\lx_cats
2008-05-04 09:15:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-03 18:43:24 0 d-------- C:\Program Files\LimeWire
2008-05-02 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-04-29 22:33:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-26 14:05:50 0 d-------- C:\Program Files\BitComet
2008-04-20 19:18:45 0 d-------- C:\Program Files\QuickTime
2008-04-09 19:52:52 0 d-------- C:\Program Files\DivX
2008-04-03 22:20:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Soldat
2008-04-02 19:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 22:57:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-30 22:53:02 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-23 20:10:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-23 18:50:58 0 d-------- C:\Program Files\eRightSoft
2008-03-23 16:38:41 0 d-------- C:\Program Files\Audiosurf
2008-03-23 16:25:02 0 d-------- C:\Program Files\Fiddler2
2008-03-23 15:47:17 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-22 13:16:36 0 d-------- C:\Program Files\LogMeIn
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 14:00:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-14 23:46:18 0 d-------- C:\Program Files\CDisplay
2008-02-26 01:37:03 57952 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-25 22:39:54 1891 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
12/17/2007 11:24 PM 1502232 --a------ C:\Program Files\Freecorder\tbFre1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [12/17/2007 11:24 PM 1502232]

[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/21/2008 07:27 PM]
"SoundMan"="SOUNDMAN.EXE" [04/28/2004 05:19 PM C:\WINDOWS\soundman.exe]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 04:52 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 08:40 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [06/25/2007 09:34 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [06/25/2007 09:34 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [06/25/2007 09:35 AM]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 12:27 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [04/04/2007 02:01 AM]
"Pepsi Volume Controller 3.0"="C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe" [04/08/2006 02:56 AM]
"Zune Launcher"="f:\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"GoGoTray.exe"="C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe" [01/30/2005 12:50 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/05/2007 06:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/16/2005 10:18 AM]
"Aim6"="" []
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 05:05 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\
Cme.lnk - C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe [11/19/2007 5:20:01 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 5:05:02 PM]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [6/1/2005 2:41:18 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 2:43:08 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - F:\Program Files\DesktopMgr.exe [9/7/2006 12:53:02 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [6/20/2007 6:31:03 PM]
WindowsUI.exe.lnk - C:\WINDOWS\explorer.exe [2/16/2005 10:18:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4de814-dd88-11dc-9c24-00402b27ca99}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c85a35df-b961-11dc-9c07-00402b27ca99}]
AutoRun\command- G:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-05-11 22:09:58 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 1.70GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 637.98 MiB / 160.07 MiB
Pagefile Memory (total/avail): 793.34 MiB / 262.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 7.21 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 37.27 GiB total, 19.35 GiB free.

\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi Connector USB"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\WINDOWS\\WindowsUI.exe"="C:\\WINDOWS\\WINDOWS\\WindowsUI.exe:*:Enabled:WindowsUI"
"C:\\WINDOWS\\system32\\lxcycoms.exe"="C:\\WINDOWS\\system32\\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Trash\\Trash.exe"="C:\\Program Files\\Trash\\Trash.exe:*:Enabled:Trash"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARY-1
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LANG=C
LOGONSERVER=\\MARY-1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcedir=C:\WINDOWS\Downloaded Installations\{649263F3-32A6-4A9D-9028-E6B8EAF8F529}\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=MARY-1
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

LogMeInRemoteUser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\BZEdit1.6.5\uninstall.exe"
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.01.12 --> MsiExec.exe /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Armagetron Advanced 0.2.8.2.1.gcc --> C:\Documents and Settings\Administrator\Desktop\EMUS\Games\Tron\Armagetron Advanced\uninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audiosurf Beta --> "C:\Program Files\Audiosurf\unins000.exe"
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BitComet 0.67 --> C:\Program Files\BitComet\uninst.exe
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
CCleaner (remove only) --> "C:\Documents and Settings\ADMINI~1\Desktop\EMUS\Spyware and virus downloads\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Change Mon Ecran V2.0 --> C:\Program Files\Change Mon Ecran\Cme-Desinstallation.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Corona Visualization Plug-in for WMP --> MsiExec.exe /I{6C3CE73B-E7B8-4979-8740-1476C5CBDEBA}
coverimage1024 Wallpaper --> C:\WINDOWS\WEB\Wallpaper\coverimage1024 dir\uninstall.exe
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
dBpoweramp Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpowerAMP WMA V9.1 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Disc2Phone --> MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
Fiddler2 (remove only) --> "C:\Program Files\Fiddler2\uninst.exe"
Fighter Factory 1.0.12.2005 (Update Pack 3) --> "C:\Documents and Settings\Administrator\Desktop\EMUS\Games\Mugen\index\Mugen+MT3(KiKi)\work\Tools\Fighter Factory\unins000.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Free Ipod Video Converter V 2.4 --> "C:\Program Files\BitComet\Downloads\Ipod Video Converter\unins000.exe"
Free Video to iPod Converter version 2.4 --> "C:\Program Files\BitComet\Downloads\Free Video to iPod Converter\unins000.exe"
Freecorder Toolbar --> C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
Freecorder Toolbar 3.0 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
GCalc 3 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://gcalc.net/jar/gcalc3.jnlp"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GGXtrial --> C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\CYBERFRONT\GGXtrial\Uninst.isu"
GoGoData Toolbar 3.0.1 --> C:\PROGRA~1\GoGoData.com\GOGODA~1\Setup.exe /remove
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ 2.8.18-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
GUILTY GEAR X2 #RELOAD --> MsiExec.exe /I{6984297D-54B4-47F2-B160-D40C305756AF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hott notes 4 --> C:\Program Files\hott notes 4\uninst.exe
hp deskjet 3320 series (Remove only) --> C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
iDump (Backing up your iPod) --> C:\Program Files\iDump\uninstall.exe
IGN Download Manager 2.3.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet ScreenSaver Builder --> "C:\Program Files\XemiComputers\Internet ScreenSaver Builder\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
jetAudio Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
MAGIX Ringtone Maker 2 silver (US) --> F:\MAGIX\Ringtone_Maker_2_silver\instslct.exe
MAME32k (remove only) --> "C:\Documents and Settings\Administrator\Desktop\EMUS\MAME\Online\MAME32k\uninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MOBILedit! 2.3 --> RunDll32 C:\PROGRA~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
MOSWorkshop --> C:\WINDOWS\uninst.exe -f"c:\documents and settings\administrator\desktop\emus\games\mugen\index\mugen+mt3(kiki)\work\tools\mosw1007\DeIsL1.isu" -c"c:\documents and settings\administrator\desktop\emus\games\mugen\index\mugen+mt3(kiki)\work\tools\mosw1007\_ISREG32.DLL"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone Gold 3.17 --> "F:\AnMing\unins000.exe"
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
Noitu Love 2: Devolution --> C:\Program Files\Noitu Love 2\Uninstal.exe
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Ovation --> MsiExec.exe /I{85E6BACC-C8B2-49DD-A28B-6318E516E0CF}
Ovation --> MsiExec.exe /I{DDCC4FB0-3C82-494F-9376-66E5F1486358}
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pepsi Volume Controller 3.0 --> "C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\unins000.exe"
PhanTim3 --> "C:\Program Files\PhanTim3\Uninstall.exe"
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RM Converter 4.12 --> "C:\Program Files\RM Converter\unins000.exe"
Rumble Box Tournament Edition --> C:\Program Files\Rumble Box\uninst.exe
SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Screensaver_Game_1024x768 --> C:\WINDOWS\system32\Screensaver_Game_1024x768.scr /u
Search Settings --> MsiExec.exe /X{90529245-9C54-45B5-BBB3-B180CA04F248}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Soldat 1.4.2 --> "C:\Soldat\unins000.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{52D44F93-8FA9-4945-A817-0E98669CCE03}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
The GIMP 2.2.11 --> "C:\Program Files\GIMP-2.0\unins000.exe"
The MDickie Show (Demo) --> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\EMUS\GAMES\MDICKIE\SHOW\Uninstal.exe
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Trash (remove only) --> "C:\Program Files\Trash\uninstall.exe"
Twins video to iPod-Zune-PSP-3GP 1.0 --> "F:\Twins video to iPod-Zune-PSP-3GP\unins000.exe"
UltimateZip 2.7 --> "C:\Program Files\UltimateZip 2.7\unins000.exe"
upapp --> MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
陽射しの中のリアル --> C:\Documents and Settings\Administrator\Desktop\EMUS\Videos\GBA\New Folder (6)\New Folder (7)\New Folder (6)\New Folder\陽射しの中のリアル\_uninst.exe JHHKIOMLICLFICMMJCIGICMMIDIKIDEBIDIL
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{1A40B327-2F18-4DC6-894F-C9050321B5CB}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vitalize! --> C:\Program Files\Common Files\Vitalize\Uninstal.exe
Vox Proxy --> MsiExec.exe /I{98A2EDE2-FDA6-11D4-857B-0040F68C9D72}
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Converter 2.0 --> C:\Program Files\WM Converter\Uninstal.exe
WordToys --> C:\WINDOWS\Inf\WtUninst.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3867 / Success
Event Submitted/Written: 05/11/2008 09:53:32 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3854 / Success
Event Submitted/Written: 05/11/2008 07:19:54 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3812 / Error
Event Submitted/Written: 05/09/2008 11:54:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3793 / Success
Event Submitted/Written: 05/08/2008 07:23:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3760 / Success
Event Submitted/Written: 05/07/2008 05:46:11 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type44985 / Error
Event Submitted/Written: 05/11/2008 09:50:49 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SASDIFSV service failed to start due to the following error:
%%183

Event Record #/Type44981 / Error
Event Submitted/Written: 05/11/2008 09:49:06 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.1,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type44940 / Error
Event Submitted/Written: 05/11/2008 06:35:50 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.1,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type44916 / Error
Event Submitted/Written: 05/11/2008 06:35:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
oreans32

Event Record #/Type44898 / Error
Event Submitted/Written: 05/11/2008 05:55:29 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.1,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.



-- End of Deckard's System Scanner: finished at 2008-05-11 22:09:58 ------------

#9 annabackwards

Posted 13 May 2008 - 06:22 AM

Hello tristenkw5,

Please rescan with SUPERAntiSpyware and post the resulting log just like you did before :thumbsup:

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#10 tristenkw5

Posted 14 May 2008 - 03:40 PM

And so it is done.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2008 at 03:46 AM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 02:56:21

Memory items scanned : 707
Memory threats detected : 0
Registry items scanned : 6288
Registry threats detected : 0
File items scanned : 104126
File threats detected : 59

Adware.Tracking Cookie

Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP265\A0051462.EXE

Unclassified.Oreans32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP265\A0051463.SYS

Trojan.Unclassified-Packed/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP265\A0051466.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49E63E10-FC24-48F4-8C08-CD7E3AF15206}\RP265\A0051467.EXE

#11 annabackwards

Posted 17 May 2008 - 06:49 AM

Hello tristenkw5,

I'm so very sorry about the delay :thumbsup:

Please rescan with DSS once more and reply with the log produced. Please also include how your computer is acting now; no more strange behaviour is there?

#12 tristenkw5

Posted 18 May 2008 - 08:50 PM

No big deal. As for behaviour, my computer seems pretty clean. Although, and it's probably not virus related or anything, every time I turn on my computer My Documents opens up in a window. That was going on before the viruses though, and it's not really a problem, just kind of annoying.

And I should probably mention that I can't install Internet Explorer 7, as one time I did, but every time I tried to use it, it opened and closed instantly. So I went back to 6. Not virus related, but I figured you might recommend me to upgrade at the end of all this because any other time I got help here they told me to also.

Now for the log:


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-18 20:19:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:37 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
F:\Program Files\DesktopMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Change Mon Ecran\CmeSystray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\ADMINI~1\Desktop\EMUS\SPYWAR~1\HIJACK~1\ADMINI~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Zune Launcher] "f:\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowsUI] C:\WINDOWS\WINDOWS\WindowsUI.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Cme.lnk = C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Desktop Manager.lnk = F:\Program Files\DesktopMgr.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: WindowsUI.exe.lnk = C:\WINDOWS\explorer.exe
O8 - Extra context menu item: Add to Change Mon Ecran - c:\windows\CmeIE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121808448843
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198953485921
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://gamercard.xbox.com/tristenkw5.card

--
End of file - 16361 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-15 23:44:41 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-15 23:44:25 0 d-------- C:\Program Files\AVG
2008-05-15 23:44:25 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 18:46:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 18:46:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 18:46:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-11 18:38:45 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 14:12:40 0 d-------- C:\WINDOWS\ERUNT
2008-05-02 15:48:19 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-28 17:21:43 0 d-------- C:\Program Files\Svconr
2008-04-24 16:49:35 0 d-------- C:\Program Files\iPod
2008-04-22 23:10:13 0 d-------- C:\Program Files\Noitu Love 2
2008-04-20 15:28:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 15:23:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-20 15:23:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-20 15:22:57 0 d-------- C:\Documents and Settings\All Users\Application Data\opgpwhux
2008-04-20 15:22:49 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 15:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-20 15:22:20 0 d---s---- C:\Documents and Settings\LocalService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-05-12 20:50:26 0 d-------- C:\Program Files\BitComet
2008-05-11 21:41:39 0 d-------- C:\Program Files\Windows NT
2008-05-11 18:45:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 18:39:55 0 d-------- C:\Program Files\Java
2008-05-11 18:38:45 0 d-------- C:\Program Files\Common Files
2008-05-05 21:43:44 0 d-------- C:\Program Files\lx_cats
2008-05-04 09:15:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-03 18:43:24 0 d-------- C:\Program Files\LimeWire
2008-05-02 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-04-29 22:33:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-24 16:49:53 0 d-------- C:\Program Files\iTunes
2008-04-20 19:18:45 0 d-------- C:\Program Files\QuickTime
2008-04-13 21:10:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Trash
2008-04-13 20:08:52 0 d-------- C:\Program Files\Trash
2008-04-13 09:12:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-09 19:52:52 0 d-------- C:\Program Files\DivX
2008-04-03 22:20:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Soldat
2008-04-02 19:35:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 22:57:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Research In Motion
2008-03-30 22:53:02 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-23 20:10:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-23 18:50:58 0 d-------- C:\Program Files\eRightSoft
2008-03-23 16:38:41 0 d-------- C:\Program Files\Audiosurf
2008-03-23 16:25:02 0 d-------- C:\Program Files\Fiddler2
2008-03-23 15:47:17 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-22 13:16:36 0 d-------- C:\Program Files\LogMeIn
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 14:00:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-26 01:37:03 57952 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-25 22:39:54 1891 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
12/17/2007 11:24 PM 1502232 --a------ C:\Program Files\Freecorder\tbFre1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [12/17/2007 11:24 PM 1502232]

[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [04/28/2004 05:19 PM C:\WINDOWS\soundman.exe]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 04:52 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 08:40 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [06/25/2007 09:34 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [06/25/2007 09:34 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [06/25/2007 09:35 AM]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 12:27 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [04/04/2007 02:01 AM]
"Pepsi Volume Controller 3.0"="C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe" [04/08/2006 02:56 AM]
"Zune Launcher"="f:\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/15/2008 11:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"GoGoTray.exe"="C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe" [01/30/2005 12:50 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/05/2007 06:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/16/2005 10:18 AM]
"Aim6"="" []
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 05:05 PM]
"WindowsUI"="C:\WINDOWS\WINDOWS\WindowsUI.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\
Cme.lnk - C:\Program Files\Change Mon Ecran\Change Mon Ecran.exe [11/19/2007 5:20:01 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 5:05:02 PM]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [6/1/2005 2:41:18 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 2:43:08 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - F:\Program Files\DesktopMgr.exe [9/7/2006 12:53:02 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [6/20/2007 6:31:03 PM]
WindowsUI.exe.lnk - C:\WINDOWS\explorer.exe [2/16/2005 10:18:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4de814-dd88-11dc-9c24-00402b27ca99}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c85a35df-b961-11dc-9c07-00402b27ca99}]
AutoRun\command- G:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-05-18 20:24:14 ------------

#13 annabackwards


Posted 21 May 2008 - 01:13 AM

Hello tristenkw5,

Every time I turn on my computer My Documents opens up in a window. That was going on before the viruses though, and it's not really a problem, just kind of annoying.

I found a solution here that seemed to work for someone else so I suggest you try it and see if you get the problem solved too :)

Click Start then Run and type msconfig in the "Run" box...click "Ok". Click on the "Startup" tab. Look in the startup list and remove the check from the box next to EXPLORER.EXE, click "Apply" then "Ok". Restart your computer. Upon restart, you may get a Selective Startup dialog box...if you do, check the box in the lower left corner of the window and click "Ok".

I can't install Internet Explorer 7, as one time I did, but every time I tried to use it, it opened and closed instantly. So I went back to 6. Not virus related, but I figured you might recommend me to upgrade at the end of all this because any other time I got help here they told me to also.

Your log is basically nearly clean. Go right ahead and update to Internet Explorer 7 if you like after doing all of the below. I would recommend using an alternative (Firefox) though, see below for more details :blink:

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Ewido anti-malware ->> an outdated malware program, AVG replaced it and you already have it on your computer :wacko:
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com


Then close all windows except HijackThis and click Fix Checked

Congrats, your log will now be clean! Great job :thumbsup:

Disable and Enable System Restore. - If you are using Windows ME, XP or Vista then you should disable and enable system restore to make sure there are no infected files found in a restore point.

Instructions on how to enable and disable system restore here:

Managing Windows Millenium System Restore or Windows XP System Restore Guide or
Windows Vista System Restore Guide
Re-enable system restore with the instructions from the tutorial above

Next,

This process will clean out your Temp files and your Temporary Internet Files.
Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

I highly recommend that you keep this program in an easily accessible area, as there is a likelihood of you using it again

To make browsing the web safer, you should make Internet Explorer safer. You should do this even if you do not use it, as it can not be installed from Windows.
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here

I highly recommend that you use MVPS Hosts file which replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. Please click here (http://mvps.org/winhelp2002/hosts.htm) for it.

Finally, I also recommend that you read the tutorial and follow each of the steps there:
Simple and easy ways to keep your computer safe and secure on the Internet

Please feel free to post any future computer problems in the appropriate forum. Have a great day! :)

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox
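
How the HOSTS-file blocking described in post #13 works, as an added example that is not part of the original post or of the MVPS project: the parser reads a constructed sample file and separates names blocked by pointing at the local machine from names sent to some other address, which is what to look for when reviewing a HOSTS file. The hostnames, addresses and function names are made up for illustration, and it assumes the first entry for a name is the one the resolver uses.

```python
import ipaddress

# Constructed sample in HOSTS format. The names are placeholders, not entries
# copied from the MVPS file.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ads.example.test  tracker.example.test   # two names on one line
0.0.0.0     banner.example.test
192.0.2.55  update.example.test   # non-loopback address: a redirect, not a block
not-an-ip   broken.example.test   # malformed address
192.0.2.99  ads.example.test      # later duplicate of a name already mapped
"""


def parse_hosts(text):
    """Return {hostname: ip}. Assumption: the first mapping for a name wins."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank or address-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: line is ignored
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)  # keep the earliest entry
    return table


def classify(table):
    """Split entries into blocked names and (name, address) redirects."""
    blocked, redirected = [], []
    for name, ip in table.items():
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:  # 127.x.x.x, ::1, 0.0.0.0
            blocked.append(name)
        else:
            redirected.append((name, str(ip)))
    return sorted(blocked), sorted(redirected)


def resolve(table, name):
    """Address a lookup gets from HOSTS, or None when the name falls through to DNS."""
    ip = table.get(name.lower())
    return None if ip is None else str(ip)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = classify(hosts)
    print("blocked:", blocked)
    print("redirected (review these):", redirected)
    print("ads.example.test ->", resolve(hosts, "ads.example.test"))
```

A blocked name never leaves the machine because the connection goes to 127.0.0.1; an entry pointing at any other address sends that name to a different host and deserves a closer look.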

#14 don77


Posted 23 May 2008 - 08:54 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
