Infected With Getmirar.com Trojan And Others


14 replies to this topic

#1 bb0bbby

  • Members
  • 16 posts
  • Gender:Male
  • Location:Cbus, OH

Posted 22 April 2008 - 01:18 AM

ARWwp for Windows is continually finding getmirar.com and supposedly sweeping it off my system, but it keeps finding it again after each reboot.

I have scanned with AVG and Spybot Search & Destroy.

Here are my logs, and thanks in advance:


Deckard's System Scanner v20071014.68
Run by Bouscher on 2008-04-22 02:03:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2008-04-22 06:03:57 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2008-04-21 02:56:06 UTC - RP45 - System Checkpoint
44: 2008-04-18 16:42:41 UTC - RP44 - Software Distribution Service 3.0
43: 2008-04-18 05:04:55 UTC - RP43 - Before uninstall RapidShare Manager
42: 2008-04-17 07:26:49 UTC - RP42 - Before uninstall HijackThis 2.0.2


-- First Restore Point --
1: 2008-04-07 06:09:26 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bouscher.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:30 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bouscher\Desktop\dss.exe
C:\DOCUME~1\Bouscher\Desktop\Bouscher.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MemoryCardManager] F
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202768279953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202855703359
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 9822 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>

S2 EasyHideIP - c:\program files\easy-hide-ip\services\easyhideip.exe
S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S2 VETMSGNT (VET Message Service) -
S3 CaCCProvSP -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-19 14:04:45 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-22 01:41:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-22 01:41:19 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-22 01:41:19 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-22 01:41:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-22 01:41:19 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-22 01:41:19 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-22 01:41:19 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-21 12:38:23 0 d-------- C:\Program Files\PokerStars
2008-04-21 12:15:52 0 d-------- C:\Program Files\Holdem Indicator
2008-04-21 01:15:29 0 d-------- C:\Program Files\FitDay
2008-04-21 00:51:15 0 d-------- C:\Program Files\Big Clock Pro
2008-04-18 02:39:15 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-18 02:39:15 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-18 02:39:15 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-18 02:39:15 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-18 02:39:14 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-18 02:39:11 0 d-------- C:\Program Files\VSO
2008-04-18 02:18:21 383 --a------ C:\Documents and Settings\Bouscher\Application Data\iPodMusicLiberatorPrefsV4
2008-04-18 02:16:20 52 --ah----- C:\Documents and Settings\Bouscher\Application Data\iml_system_file
2008-04-18 02:14:51 0 d-------- C:\Program Files\iPod Music Liberator
2008-04-18 01:20:14 0 dr-h----- C:\Documents and Settings\Bouscher\Recent
2008-04-17 03:12:06 0 d-------- C:\Program Files\Enigma Software Group
2008-04-17 03:02:32 0 d-------- C:\Program Files\arswp
2008-04-17 01:54:11 0 d-------- C:\Program Files\Download Direct
2008-04-17 01:53:40 0 d--h----- C:\WINDOWS\PIF
2008-04-16 12:30:10 0 d-------- C:\Program Files\Easy DVD CD Burner
2008-04-16 09:37:26 0 d-------- C:\Program Files\Trend Micro
2008-04-16 02:11:58 0 d-------- C:\Program Files\Easy-Hide-IP
2008-04-16 02:06:55 0 d-------- C:\WINDOWS\One Million Recipes Mobile 2007
2008-04-16 02:06:55 0 d-------- C:\Program Files\Packard Mobile
2008-04-16 02:06:22 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Mobipocket
2008-04-16 02:06:19 0 d-------- C:\Program Files\Mobipocket.com
2008-04-15 22:30:52 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Morpheus Software
2008-04-15 11:48:12 0 d-------- C:\Documents and Settings\Bouscher\Application Data\CDBurnerXP_Soft
2008-04-15 11:47:53 0 d-------- C:\Program Files\CDBurnerXP
2008-04-15 02:45:19 0 d-------- C:\Documents and Settings\Bouscher\Application Data\ATI
2008-04-15 02:45:19 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 02:43:35 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-15 02:38:57 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-15 02:37:37 0 d-------- C:\ATI
2008-04-15 02:28:43 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Download Manager
2008-04-15 02:11:55 401408 --a------ C:\WINDOWS\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite>
2008-04-15 02:11:47 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-15 02:11:12 184320 -----n--- C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2008-04-15 02:11:12 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2008-04-15 02:11:12 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2008-04-15 02:11:12 233472 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2008-04-15 02:11:12 41984 --a------ C:\WINDOWS\system32\cacheX.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2008-04-15 02:11:12 126976 -----n--- C:\WINDOWS\system32\AVIPrAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2008-04-15 02:11:05 884736 -----n--- C:\WINDOWS\system32\LMUIRes.dll <Not Verified; Fellowes, Inc.; MediaFACE>
2008-04-15 02:11:05 12288 -----n--- C:\WINDOWS\system32\LMLRes.dll <Not Verified; Fellowes, Inc.; MediaFACE>
2008-04-15 02:08:53 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-04-15 02:08:53 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-04-15 02:08:53 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-15 02:07:51 138752 --a------ C:\WINDOWS\system32\mase32.dll
2008-04-15 02:07:51 57856 --a------ C:\WINDOWS\system32\masd32.dll
2008-04-15 02:07:51 136192 --a------ C:\WINDOWS\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library>
2008-04-15 02:07:51 196096 --a------ C:\WINDOWS\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library>
2008-04-15 02:07:51 27648 --a------ C:\WINDOWS\system32\ma32.dll
2008-04-15 02:06:13 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-04-15 02:06:04 171520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
2008-04-15 02:05:56 41219 --a------ C:\WINDOWS\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH>
2008-04-15 02:05:11 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-04-15 02:04:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-04-15 01:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-04-15 01:58:14 0 d-------- C:\Program Files\Pinnacle
2008-04-15 01:17:25 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Nero
2008-04-15 01:14:46 0 d-------- C:\Program Files\Nero
2008-04-15 01:14:46 0 d-------- C:\Program Files\Common Files\Nero
2008-04-15 01:14:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-14 00:50:30 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-04-14 00:50:29 0 d-------- C:\Program Files\UltraISO
2008-04-11 01:44:45 0 d-------- C:\Program Files\Intelore
2008-04-10 18:30:26 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-10 18:00:53 0 d-------- C:\Program Files\Sexy Poker 5
2008-04-09 22:08:59 0 d-------- C:\Program Files\Safari
2008-04-09 22:07:03 0 d-------- C:\Program Files\iPod
2008-04-09 22:05:57 0 d-------- C:\Program Files\iTunes
2008-04-09 21:56:42 0 d-------- C:\Program Files\Winamp
2008-04-09 21:56:42 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Winamp
2008-04-08 12:00:39 0 d-------- C:\Documents and Settings\Bouscher\Application Data\FDRLab
2008-04-07 12:43:02 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-07 02:09:15 68096 --a------ C:\WINDOWS\zip.exe
2008-04-07 02:09:15 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-07 02:09:15 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-07 02:09:15 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-07 02:09:15 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-07 02:09:15 98816 --a------ C:\WINDOWS\sed.exe
2008-04-07 02:09:15 80412 --a------ C:\WINDOWS\grep.exe
2008-04-07 02:09:15 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-04 02:28:10 0 d-------- C:\VueScan
2008-04-01 00:53:59 0 d-------- C:\Documents and Settings\Bouscher\Application Data\TVU Networks
2008-04-01 00:51:37 0 d-------- C:\Program Files\Satellite TV for PC
2008-03-31 00:28:18 0 d-------- C:\Documents and Settings\Bouscher\backups
2008-03-30 20:36:34 0 d-------- C:\Program Files\FireTune
2008-03-30 20:00:43 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-03-30 19:36:45 0 d--h----- C:\$AVG8.VAULT$
2008-03-30 18:33:17 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-30 18:33:17 0 d-------- C:\Documents and Settings\Bouscher\Application Data\AVGTOOLBAR
2008-03-30 18:33:09 0 d-------- C:\Program Files\AVG
2008-03-30 18:33:09 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-27 19:25:15 0 d-------- C:\WINDOWS\ERUNT
2008-03-27 19:24:59 0 d-------- C:\Documents and Settings\Bouscher\backups_old
2008-03-27 19:24:22 0 d-------- C:\Documents and Settings\Bouscher\backups_old1
2008-03-27 19:23:46 0 d-------- C:\Documents and Settings\Bouscher\backups_old2
2008-03-27 19:13:55 0 d-------- C:\Documents and Settings\Bouscher\backups_old3
2008-03-27 19:13:55 0 d-------- C:\Documents and Settings\Bouscher\backupreg
2008-03-26 02:46:47 0 d-------- C:\Program Files\Sarm Software
2008-03-25 21:51:24 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-25 21:24:50 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-25 19:54:49 0 d-------- C:\Documents and Settings\Bouscher\DoctorWeb
2008-03-25 19:26:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 19:25:56 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-25 19:25:56 0 d-------- C:\Documents and Settings\Bouscher\Application Data\SUPERAntiSpyware.com
2008-03-25 16:07:06 4340 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-25 03:39:25 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-25 03:39:25 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-25 03:20:52 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Sunbelt Software
2008-03-25 03:12:57 0 d-------- C:\Program Files\Sun
2008-03-25 03:09:41 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-04-21 16:25:00 0 d-------- C:\Program Files\Dl_cats
2008-04-18 04:09:45 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Vso
2008-04-18 04:09:44 668 --a------ C:\Documents and Settings\Bouscher\Application Data\vso_ts_preview.xml
2008-04-17 23:17:14 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-17 02:51:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 02:41:04 0 d-------- C:\Program Files\ATI Technologies
2008-04-15 02:39:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-15 02:07:52 95 --a------ C:\AUTOEXEC.BAT
2008-04-15 01:14:46 0 d-------- C:\Program Files\Common Files
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_9440418.dnp
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_9293153.dnp
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6943263.dnp
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5174230.dnp
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_2390746.dnp
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1733252.dnp
2008-04-10 18:44:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1199186.dnp
2008-04-10 18:44:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8931217.dnp
2008-04-10 18:44:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8050800.dnp
2008-04-10 18:44:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7987609.dnp
2008-04-10 18:44:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7534446.dnp
2008-04-10 18:44:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1939708.dnp
2008-04-10 18:44:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1601557.dnp
2008-04-10 18:44:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_9726448.dnp
2008-04-10 18:44:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8849965.dnp
2008-04-10 18:44:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3858278.dnp
2008-04-10 18:44:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3271627.dnp
2008-04-10 18:44:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_2004957.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_967881.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8367837.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8214780.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8185698.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_754471.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6913999.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6167070.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5839742.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5431296.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5278238.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5176122.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4232846.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4059887.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3258298.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_2915882.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_2761729.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_2113198.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1958829.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1223270.dnp
2008-04-10 18:44:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1123345.dnp
2008-04-10 18:44:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8551320.dnp
2008-04-10 18:44:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4853309.dnp
2008-04-10 18:44:16 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3940326.dnp
2008-04-10 18:44:16 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3025798.dnp
2008-04-10 18:44:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_9811042.dnp
2008-04-10 18:44:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_9456492.dnp
2008-04-10 18:44:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_9361049.dnp
2008-04-10 18:44:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5177623.dnp
2008-04-10 18:44:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3235416.dnp
2008-04-10 18:44:05 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7747100.dnp
2008-04-10 18:44:05 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6251714.dnp
2008-04-10 18:44:05 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5504022.dnp
2008-04-10 18:44:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7477618.dnp
2008-04-10 18:44:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6409486.dnp
2008-04-10 18:44:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1683794.dnp
2008-04-10 18:43:43 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8719538.dnp
2008-04-10 18:43:43 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4779915.dnp
2008-04-10 18:43:43 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4572082.dnp
2008-04-10 18:43:43 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3213139.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8293165.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_8276334.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7695144.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7422044.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_7130138.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6767388.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6749461.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_6685174.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5948304.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5498095.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_5142781.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4868802.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4799054.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_4703062.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3795640.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3794329.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3522324.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3045873.dnp
2008-04-10 18:43:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1431541.dnp
2008-04-10 18:43:41 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_405836.dnp
2008-04-10 18:43:41 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3143839.dnp
2008-04-10 18:43:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_3327455.dnp
2008-04-10 18:43:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-43-12_1471179.dnp
2008-04-10 18:40:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9080648.dnp
2008-04-10 18:40:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_1242833.dnp
2008-04-10 18:40:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_821821.dnp
2008-04-10 18:40:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7377878.dnp
2008-04-10 18:40:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5801590.dnp
2008-04-10 18:40:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_2744459.dnp
2008-04-10 18:40:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_2048588.dnp
2008-04-10 18:40:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9472561.dnp
2008-04-10 18:40:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8875304.dnp
2008-04-10 18:40:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7354008.dnp
2008-04-10 18:40:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6606316.dnp
2008-04-10 18:40:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5586835.dnp
2008-04-10 18:40:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_2743330.dnp
2008-04-10 18:40:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_690241.dnp
2008-04-10 18:40:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6846267.dnp
2008-04-10 18:40:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_3137982.dnp
2008-04-10 18:40:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_1663478.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9860441.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8697630.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7629282.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7622941.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7166823.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6377916.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6040313.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5678874.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5369257.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5298630.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5191052.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5107744.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4828302.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4776266.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_444480.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4300910.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_3778977.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_2306548.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_2140810.dnp
2008-04-10 18:40:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_171380.dnp
2008-04-10 18:40:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9304847.dnp
2008-04-10 18:40:24 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7336529.dnp
2008-04-10 18:40:24 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4666199.dnp
2008-04-10 18:40:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9708214.dnp
2008-04-10 18:40:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7678762.dnp
2008-04-10 18:40:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8095310.dnp
2008-04-10 18:40:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6556303.dnp
2008-04-10 18:40:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_652495.dnp
2008-04-10 18:40:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4390958.dnp
2008-04-10 18:40:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_254324.dnp
2008-04-10 18:39:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6414158.dnp
2008-04-10 18:39:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5991935.dnp
2008-04-10 18:39:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5844670.dnp
2008-04-10 18:39:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5025586.dnp
2008-04-10 18:39:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_3717918.dnp
2008-04-10 18:39:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_3494780.dnp
2008-04-10 18:39:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7603578.dnp
2008-04-10 18:39:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5099318.dnp
2008-04-10 18:39:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4737116.dnp
2008-04-10 18:39:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4148822.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9921117.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9884384.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_98236.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9783579.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9348674.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8614211.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8233750.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8127701.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7647100.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6667522.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6060753.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5082487.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4638619.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_4418868.dnp
2008-04-10 18:39:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_1855135.dnp
2008-04-10 18:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9445329.dnp
2008-04-10 18:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8940892.dnp
2008-04-10 18:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_8228074.dnp
2008-04-10 18:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7617587.dnp
2008-04-10 18:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_7314094.dnp
2008-04-10 18:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_6129638.dnp
2008-04-10 18:39:19 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_9376211.dnp
2008-04-10 18:39:19 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-10-2008_18-38-54_5199126.dnp
2008-04-10 18:20:57 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-04-09 22:03:02 0 d-------- C:\Program Files\QuickTime
2008-04-08 20:56:10 0 d-------- C:\Program Files\Avant Browser
2008-04-02 17:09:46 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Apple Computer
2008-04-02 08:21:23 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Simply Super Software
2008-04-01 10:50:39 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-30 20:36:25 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-30 20:00:44 5173 --a------ C:\WINDOWS\mozver.dat
2008-03-26 02:24:45 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Hide IP NG
2008-03-25 03:12:46 0 d-------- C:\Program Files\Java
2008-03-25 02:43:03 0 d-------- C:\Program Files\Digital Locker Assistant
2008-03-21 12:05:16 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Snapfish
2008-03-19 22:03:28 0 d-------- C:\Program Files\SiteChallenge
2008-03-19 21:52:45 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-19 14:04:40 0 d-------- C:\Program Files\Apple Software Update
2008-03-19 14:04:17 0 d-------- C:\Program Files\Common Files\Apple
2008-03-19 02:59:40 0 d-------- C:\Program Files\DivX
2008-03-19 02:52:24 0 d-------- C:\Program Files\XP Codec Pack
2008-03-18 22:33:01 0 d-------- C:\Documents and Settings\Bouscher\Application Data\HideIP
2008-03-18 22:05:02 32 --a------ C:\WINDOWS\do
2008-03-18 17:49:35 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-18 17:49:27 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Corel
2008-03-18 17:48:51 88 -r-hs---- C:\WINDOWS\system32\8FA4C4CE32.sys
2008-03-14 22:23:19 0 d-------- C:\Documents and Settings\Bouscher\Application Data\GARMIN
2008-03-13 12:27:51 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Avant Profiles
2008-03-13 10:17:08 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Mozilla
2008-03-13 07:14:07 0 d-------- C:\Program Files\Movie Maker
2008-03-13 07:14:05 0 d-------- C:\Program Files\Messenger
2008-03-13 07:14:04 0 d-------- C:\Program Files\Recipes Galore 5.0
2008-03-13 07:14:03 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-13 07:14:01 0 d-------- C:\Program Files\FinalBurner
2008-03-13 00:49:01 0 d-------- C:\Program Files\Safer Networking
2008-03-07 12:05:59 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-07 12:04:59 0 d-------- C:\Program Files\AVSMedia
2008-03-06 03:16:54 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-05 00:55:25 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-05 00:55:03 0 d-------- C:\Program Files\Common Files\Real
2008-03-01 01:33:48 0 d-------- C:\Documents and Settings\Bouscher\Application Data\URSoft
2008-02-29 10:48:45 0 d-------- C:\Documents and Settings\Bouscher\Application Data\AVSMedia
2008-02-29 10:20:42 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Reallusion
2008-02-29 10:20:41 0 d-------- C:\Documents and Settings\Bouscher\Application Data\tmp
2008-02-29 08:41:06 0 d-------- C:\Documents and Settings\Bouscher\Application Data\ScanSoft
2008-02-28 11:42:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 14:04:45 0 d-------- C:\Program Files\ScanSoft
2008-02-27 13:56:14 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Zeon
2008-02-27 13:51:27 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-02-27 13:44:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-25 21:46:42 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Adobe
2008-02-25 21:28:09 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Opera
2008-02-25 21:01:57 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Sun
2008-02-25 20:34:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-25 20:00:59 0 d-------- C:\Documents and Settings\Bouscher\Application Data\Thinstall
2008-02-25 02:32:20 0 d-------- C:\Program Files\Alcohol Soft
2008-02-25 02:27:58 0 d-------- C:\Program Files\CCleaner
2008-02-24 17:52:00 0 d-------- C:\Program Files\Recosoft PDF2Office
2008-02-24 17:46:07 0 d-------- C:\Program Files\Softland
2008-02-24 17:42:14 0 d-------- C:\Program Files\DynamicPhotoHDR
2008-02-19 04:18:49 34 --a------ C:\Documents and Settings\Bouscher\Application Data\pcouffin.log
2008-02-19 04:18:44 47360 --a------ C:\Documents and Settings\Bouscher\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-19 04:18:44 1144 --a------ C:\Documents and Settings\Bouscher\Application Data\pcouffin.inf
2008-02-19 04:18:44 7887 --a------ C:\Documents and Settings\Bouscher\Application Data\pcouffin.cat
2008-02-15 23:26:06 75 -r-hs---- C:\WINDOWS\CT4CET.bin
2008-02-13 14:15:18 2528 --a------ C:\Documents and Settings\Bouscher\Application Data\$_hpcst$.hpc
2008-02-12 17:58:11 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-12 14:37:03 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 14:18:43 10366 --a------ C:\Documents and Settings\Bouscher\Application Data\Comma Separated Values (Windows).EML
2008-02-11 17:27:04 0 -rahs---- C:\MSDOS.SYS
2008-02-11 17:27:04 0 -rahs---- C:\IO.SYS
2008-02-11 17:27:04 0 --a------ C:\CONFIG.SYS
2008-02-11 12:17:12 62 --ahs---- C:\Documents and Settings\Bouscher\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
03/30/2008 06:33 PM 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [03/30/2008 06:33 PM 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MemoryCardManager"="F" []
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [08/12/2005 04:47 PM]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [07/27/2007 05:43 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 12:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [08/15/2005 01:40 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 05:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/05/2008 12:54 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [03/30/2008 06:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:07 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
C:\WINDOWS\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent]
"OpAgent.exe" /agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)

*Newly Created Service* - PROCEXP111



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8388 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-22 02:06:32 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1023 MiB / 450.34 MiB
Pagefile Memory (total/avail): 2461.09 MiB / 1899.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.98 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 67.71 GiB free.
D: is CDROM (No Media)
F: is Fixed (FAT32) - 465.65 GiB total, 317.44 GiB free.
G: is Removable (No Media)
H: is CDROM (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7Y250M0 - 232.83 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE2 - Multi Flash Reader USB Device

\\.\PHYSICALDRIVE1 - WD 5000AAKS Externa USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)
AV: CA Anti-Virus v8.4.0.28 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\\Program Files\\Recosoft PDF2Office\\PDF2Office v4.0\\PDF2OfficeDesktopServer.exe"="C:\\Program Files\\Recosoft PDF2Office\\PDF2Office v4.0\\PDF2OfficeDesktopServer.exe:*:Enabled:PDF2OfficeDesktopServer"
"C:\\Program Files\\Recosoft PDF2Office\\PDF2Office v4.0\\PDF2OfficeOpen.exe"="C:\\Program Files\\Recosoft PDF2Office\\PDF2Office v4.0\\PDF2OfficeOpen.exe:*:Enabled:PDF2OfficeDirectOpen"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bouscher\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-8300
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bouscher
LOGONSERVER=\\DELL-8300
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Tcl\bin;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.tcl
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bouscher\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bouscher\LOCALS~1\Temp
USERDOMAIN=DELL-8300
USERNAME=Bouscher
USERPROFILE=C:\Documents and Settings\Bouscher
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bouscher (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ARSwp For Windows2.7.0.8.0415 --> "C:\Program Files\arswp\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Clock Pro 1.0 --> "C:\Program Files\Big Clock Pro\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Dell Photo AIO Printer 964 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcjUNST.EXE -NOLICENSE
Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverAgent Plugin for Netscape by TouchStone Software --> RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
Easy-Hide-IP 1.6 --> "C:\Program Files\Easy-Hide-IP\unins000.exe"
Easy DVD/CD Burner --> C:\PROGRA~1\EASYDV~1\UNWISE.EXE C:\PROGRA~1\EASYDV~1\INSTALL.LOG
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go.com/s/flblm/07/livedraft/jws-check.jarjnlp"
FileAlyzer --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
FitDay --> "C:\Program Files\FitDay\unins000.exe"
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Garmin MapSource --> MsiExec.exe /X{CF07A1C9-098F-47DD-99E0-B6558C33871B}
HijackThis 2.0.2 --> "C:\Documents and Settings\Bouscher\Desktop\HijackThis.exe" /uninstall
Holdem Indicator 1.4.4 --> "C:\Program Files\Holdem Indicator\unins000.exe"
iPod Music Liberator 4.7 --> "C:\Program Files\iPod Music Liberator\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 5 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
MeridianLink Site Security Certificate --> C:\PROGRA~1\SITECH~1\UNWISE.EXE C:\PROGRA~1\SITECH~1\INSTALL.LOG
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mobipocket Reader 6.0 --> MsiExec.exe /I{3B9EF902-F253-4B0A-9EA8-6596BBCB6B28}
Mobipocket Reader 6.0 --> MsiExec.exe /I{ED386A62-2BA2-4544-A723-5DFFDC283F6A}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegAlyzer --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Sarmsoft Resume Builder --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{748D56F4-F3B5-4A9C-BCEF-5D4CD33C87E5} /l1033
ScanSoft OmniPage 16 --> MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
ScanSoft PDF Create! 4 --> MsiExec.exe /I{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sexy Poker 5 --> C:\PROGRA~1\SEXYPO~1\UNWISE.EXE C:\PROGRA~1\SEXYPO~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
UltraISO Premium V9.12 --> "C:\Program Files\UltraISO\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2493 / Error
Event Submitted/Written: 04/22/2008 00:59:48 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 726503031.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type2492 / Error
Event Submitted/Written: 04/22/2008 00:59:44 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module xpcom_core.dll, version 1.8.20080.40413, fault address 0x0000179e.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2491 / Error
Event Submitted/Written: 04/22/2008 00:40:47 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 713234062.

Event Record #/Type2490 / Error
Event Submitted/Written: 04/22/2008 00:40:36 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2489 / Error
Event Submitted/Written: 04/22/2008 00:39:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9638 / Error
Event Submitted/Written: 04/21/2008 10:55:51 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Event Record #/Type9637 / Error
Event Submitted/Written: 04/21/2008 10:55:42 AM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The VET Message Service service depends on the following nonexistent service: CAISafe

Event Record #/Type9610 / Error
Event Submitted/Written: 04/20/2008 10:39:15 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Event Record #/Type9609 / Error
Event Submitted/Written: 04/20/2008 10:39:05 PM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The VET Message Service service depends on the following nonexistent service: CAISafe

Event Record #/Type9602 / Warning
Event Submitted/Written: 04/18/2008 01:11:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-04-22 02:06:32 ------------
Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 03 May 2008 - 11:06 AM

Hello bb0bbby,

Welcome to Bleeping Computer :blink:

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 bb0bbby

  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:Cbus, OH

Posted 05 May 2008 - 01:54 AM

Thanks for the reply...here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:55 AM, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bouscher\Desktop\TuneUpPortable\App\TuneUp\MemOptimizer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Bouscher\Desktop\MemoriesOnTV4\MemoriesOnTV4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bouscher\Desktop\hjtis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Documents and Settings\Bouscher\Desktop\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - http://www2.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202768279953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202855703359
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 9572 bytes
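A worked triage pass over the HijackThis log above, as an added example (my code, not part of this thread and not HijackThis or Malwarebytes logic). It parses the `Rn`/`On` line format and applies a few heuristics a responder would apply by eye: entries whose file is gone (`(no file)`), an Internet Explorer proxy setting, autoruns launched from user-writable directories, O16 ActiveX downloads from hosts outside a small allowlist, an O10 Winsock LSP that HJT does not recognise, and O23 services with no publisher. The allowlist, the directory list and the severities are assumptions of the example, not HJT rules. The sample log is a constructed subset copied from the post above, and the truncated update.microsoft.com URL is kept as the forum rendered it. One thing worth noticing from the real log: the `R1` line sets IE's proxy to `127.0.0.1:8080`, which nobody in the thread discusses. Loopback proxies are set by some local web-filtering products and also by some malware, and the log alone does not say which; the process listening on that port decides it.

```python
"""Triage heuristics run over HijackThis-style log lines (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the R/O lines from the HijackThis log in this
# thread, one of which (the update.microsoft.com O16) has a URL truncated by the forum.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Documents and Settings\Bouscher\Desktop\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202768279953
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Assumed allowlist for O16 (ActiveX download) hosts, matched by DNS suffix.
# This is the example's own list, not anything HijackThis ships.
TRUSTED_DPF_HOSTS = {
    "microsoft.com", "macromedia.com", "adobe.com", "bitdefender.com",
    "eset.eu", "ca.com", "snapfish.com", "yahoo.com",
}
# Directories a limited user can write to; an autorun from here deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\desktop\\", "\\application data\\")

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<rest>.*)$")
URL_RE = re.compile(r"https?://\S+")


def _host_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Return a list of {section, severity, reason, line} for lines worth a second look."""
    findings = []

    def flag(section, severity, reason, line):
        findings.append({"section": section, "severity": severity, "reason": reason, "line": line})

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        lower = rest.lower()

        # Registered component whose file no longer exists: leftover, not an active threat.
        if lower.endswith("(no file)"):
            flag(section, "low", "orphaned entry: registered component's file is missing", raw)
            continue

        if section == "R1" and "proxyserver" in lower:
            proxy = re.search(r"ProxyServer\s*=\s*(\S+)", rest)
            addr = proxy.group(1) if proxy else "?"
            if addr.startswith(("127.", "localhost")):
                flag(section, "high", f"IE proxied through loopback {addr}: find the process listening there", raw)
            else:
                flag(section, "medium", f"IE proxy set to {addr}", raw)

        elif section == "O4":
            if any(p in lower for p in USER_WRITABLE):
                flag(section, "medium", "autorun from a user-writable directory", raw)

        elif section == "O10":
            if "unknown file" in lower:
                flag(section, "medium", "Winsock LSP not recognised by HJT: verify the DLL's signer", raw)

        elif section == "O16":
            url = URL_RE.search(rest)
            if url:  # O16 entries that point at a local file carry no URL and are skipped
                host = urlparse(url.group(0)).hostname or ""
                if not _host_trusted(host):
                    flag(section, "medium", f"ActiveX downloaded from untrusted host {host}", raw)

        elif section == "O23":
            if "unknown owner" in lower:
                flag(section, "low", "service with no publisher: check the binary's signature", raw)

    return findings


def summarize(findings):
    """Count findings per severity for a quick readout."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}\n         {f['line']}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a whole saved HJT log by reading the file into `triage()`. The heuristics are deliberately conservative: they rank what to look at first, they do not decide what to fix, and an orphaned `(no file)` entry is the least interesting thing on the list even though it is the one most scanners complain about.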

#4 teacup61 (Malware Response Team)

Posted 05 May 2008 - 11:09 AM

Hello,

What happened to your AntiVirus? :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea

#5 bb0bbby (Topic Starter)

Posted 05 May 2008 - 11:11 AM

Thank you,

Will do!

#6 bb0bbby (Topic Starter)

Posted 05 May 2008 - 11:14 AM

re: where is your antivirus ?

I have AVG....is it not showing up correctly ?

#7 teacup61 (Malware Response Team)

Posted 05 May 2008 - 11:29 AM

It isn't running in services this time. It was in the other log. If it's running, then no problem. :thumbsup:

#8 bb0bbby (Topic Starter)

Posted 05 May 2008 - 11:43 AM

it's in my system tray....don't know if that means it's running or not though.

things have been pretty weird around this pc lately.

#9 bb0bbby (Topic Starter)

Posted 05 May 2008 - 12:01 PM

It said there was no malicious etc stuff found ???

here's the log:

Malwarebytes' Anti-Malware 1.11
Database version: 720

Scan type: Quick Scan
Objects scanned: 36562
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



what should my next step be ?

i have recently used the following programs to remove stuff:
Anti-Rogue Sweep (ARSWP) - a Chinese program
DSS
HJT
Smitfraud fix

#10 teacup61 (Malware Response Team)

Posted 05 May 2008 - 12:06 PM

Hello,

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Now let me know if you're still getting the detection messages, please. :thumbsup:

Thanks,
tea

#11 bb0bbby (Topic Starter)

Posted 05 May 2008 - 12:15 PM

I am performing the disk cleanup right now.

I also recently noticed that my Maxtor 7Y250M0 is only reading 127 GB total size, so I partitioned it so that I would have access to the other space.

Do you think this had anything to do with this ?

#12 bb0bbby (Topic Starter)

Posted 06 May 2008 - 10:09 AM

ARSWP is still finding an object called 'TestRun' in HKEY_CLASSES_ROOT\APPID\BHO.DLL

Anti-Rogue Sweep for Windows is saying that it can 'sweep' it.

have you heard of this problem before ?

#13 teacup61 (Malware Response Team)

Posted 06 May 2008 - 03:44 PM

Hi there,

At this point I'm going to say it's a false positive. To find out for sure you can navigate to that key HKEY_CLASSES_ROOT\APPID\BHO.DLL, and either paste the long number you see there back in this thread, or put it in Google and see if it comes up with a legit program you're running.

Thanks,
tea
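The false-positive check in the post above stops at the GUID. An added example (my code, not part of this thread and not ARSWP's logic) that goes one step further, using the COM registry layout that HKCR\AppID entries follow: HKCR\AppID\<name> carries a named value `AppID` holding the GUID; any HKCR\CLSID\{...} key whose own `AppID` value equals that GUID is a COM class using it; and that class's `InprocServer32` or `LocalServer32` default value is the DLL or EXE on disk. The file path and whether the file still exists say far more about "legit program or not" than a web search on the GUID (a missing file is the usual reason a scanner keeps re-reporting a harmless orphan). The registry snapshot and every GUID in it are constructed for the example; on Windows the same walk runs against the live HKEY_CLASSES_ROOT through `winreg`. Since HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, a per-user class registration shows up in this walk too.

```python
"""Resolve an HKCR\\AppID entry to the COM server(s) on disk (added example)."""
import os

try:
    import winreg  # present only on Windows; the offline reader below needs no registry
except ImportError:
    winreg = None

# Constructed HKCR snapshot (all GUIDs made up): a DLL's AppID entry, the CLSID
# that references it, and an unrelated CLSID that must not be matched.
SAMPLE_HKCR = {
    "AppID\\BHO.DLL": {"AppID": "{11111111-2222-3333-4444-555555555555}"},
    "AppID\\{11111111-2222-3333-4444-555555555555}": {"": "BHO"},
    "CLSID\\{AAAAAAAA-0000-0000-0000-000000000001}": {
        "": "Example BHO", "AppID": "{11111111-2222-3333-4444-555555555555}"},
    "CLSID\\{AAAAAAAA-0000-0000-0000-000000000001}\\InprocServer32": {
        "": "C:\\Program Files\\Example\\BHO.dll", "ThreadingModel": "Apartment"},
    "CLSID\\{BBBBBBBB-0000-0000-0000-000000000002}": {
        "": "Unrelated class", "AppID": "{99999999-0000-0000-0000-000000000009}"},
}


class DictReader:
    """Reader over a snapshot {hkcr_relative_key: {value_name: data}}; '' is the default value."""

    def __init__(self, snapshot):
        self.keys = {k.lower(): k for k in snapshot}              # lowercase -> original spelling
        self.snap = {k.lower(): v for k, v in snapshot.items()}

    def value(self, key, name=""):
        return self.snap.get(key.lower(), {}).get(name)

    def subkeys(self, key):
        prefix = key.lower() + "\\"
        names = {}
        for low, orig in self.keys.items():
            if low.startswith(prefix):
                names.setdefault(low[len(prefix):].split("\\")[0], orig[len(prefix):].split("\\")[0])
        return sorted(names.values())


class WinRegReader:
    """Same interface over the live HKEY_CLASSES_ROOT (Windows only)."""

    def value(self, key, name=""):
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, key) as h:
                return winreg.QueryValueEx(h, name)[0]
        except OSError:
            return None

    def subkeys(self, key):
        out, i = [], 0
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, key) as h:
                while True:                      # EnumKey raises OSError past the last subkey
                    out.append(winreg.EnumKey(h, i))
                    i += 1
        except OSError:
            pass
        return out


def resolve_appid(reader, appid_name):
    """AppID\\<name> -> GUID -> CLSIDs using that GUID -> server binaries, with an on-disk check."""
    guid = reader.value(f"AppID\\{appid_name}", "AppID")
    result = {"guid": guid, "servers": []}
    if not guid:
        return result
    for clsid in reader.subkeys("CLSID"):
        if (reader.value(f"CLSID\\{clsid}", "AppID") or "").lower() != guid.lower():
            continue
        for kind in ("InprocServer32", "LocalServer32"):
            raw = reader.value(f"CLSID\\{clsid}\\{kind}")
            if not raw:
                continue
            # LocalServer32 is often '"C:\path\x.exe" /flags'; keep the quoted path only.
            path = raw.strip().strip('"').split('"')[0]
            result["servers"].append(
                {"clsid": clsid, "kind": kind, "path": path, "exists": os.path.isfile(path)})
    return result


if __name__ == "__main__":
    reader = WinRegReader() if winreg else DictReader(SAMPLE_HKCR)
    print(resolve_appid(reader, "BHO.DLL"))
```

On the affected machine, run it with the real name from the scanner's report and look at `path` and `exists`: a path under a known product's directory with the file present is the "legit program" case the post is asking about; a path whose file is gone is an orphan that can be cleaned with no loss; a path under a temp or profile directory is the one to upload to a scanner before touching it.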

#14 bb0bbby (Topic Starter)

Posted 06 May 2008 - 03:48 PM

I checked google & it didn't come back with anything.....

what is the next step ?

thanks

#15 teacup61 (Malware Response Team)

Posted 07 May 2008 - 12:10 AM

You Googled the long number with the {} around it? Can you post it for me anyway please, so I can check a couple of places? I really think it's a false positive. :thumbsup:

Thanks,
tea



