Keylogger Installed?


  • This topic is locked
1 reply to this topic

#1 TonyMas

  • Members
  • 2 posts
  • OFFLINE

Posted 22 April 2008 - 03:32 PM

There is a possibility of a keylogger being installed on the system. My WoW account was recently hacked and Blizzard Support have suggested this occurred due to a keylogger being installed on the system.

I don't see anything suspicious myself, but could you have a quick look through the following please?

Thanks

Deckard's System Scanner v20071014.68
Run by Anthony on 2008-04-22 21:21:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-04-22 20:21:15 UTC - RP202 - Deckard's System Scanner Restore Point
72: 2008-04-20 11:31:23 UTC - RP201 - System Checkpoint
71: 2008-04-15 20:47:48 UTC - RP200 - System Checkpoint
70: 2008-04-13 20:08:19 UTC - RP199 - System Checkpoint
69: 2008-04-12 15:15:00 UTC - RP198 - Installed DirectX 9.0


-- First Restore Point --
1: 2008-01-22 15:11:54 UTC - RP130 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Anthony.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:24, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DU Meter4\DUMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DU Meter4\DUMeterSvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA NTune\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Anthony\Application Data\Opera\Opera\profile\cache4\temporary_download\dss.exe
D:\PROGRA~1\HIJACK~1\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "LPT1:" /M "Stylus D88"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA NTune\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter4\DUMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter4\DUMeterSvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA NTune\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 9341 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080422-203927-371 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 PDRJNDL - c:\program files\dekart\private disk\pdrjndl.sys <Not Verified; Dekart; Dekart Private Disk>
R2 PRVDISK - c:\program files\dekart\private disk\prvdisk.sys <Not Verified; Dekart; Dekart Private Disk>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (nTune Service) - c:\program files\nvidia ntune\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe (file missing)
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50011458&REV_02\3&13C0B0C5&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50011458&REV_02\3&13C0B0C5&0&FB
Service:


-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-18 21:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 21:45:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-18 21:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 20:39:39 0 d-------- C:\Documents and Settings\Anthony\Application Data\PC Tools
2008-04-18 19:44:36 0 d-------- C:\Logs
2008-03-31 18:33:30 0 d-------- C:\Documents and Settings\Anthony\Application Data\tor
2008-03-31 18:33:15 0 d-------- C:\Documents and Settings\Anthony\Application Data\Vidalia
2008-03-30 22:44:54 0 d-------- C:\Program Files\Sony
2008-03-30 18:58:42 0 d-------- C:\Documents and Settings\Anthony\Incomplete
2008-03-30 18:58:32 0 d-------- C:\Documents and Settings\Anthony\Application Data\FrostWire
2008-03-28 22:01:35 0 d-------- C:\Documents and Settings\Anthony\Application Data\vlc
2008-03-28 20:05:06 0 d-------- C:\Program Files\Common Files\Skype
2008-03-27 23:02:57 0 d-------- C:\Documents and Settings\Anthony\Application Data\GARMIN
2008-03-22 20:14:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-04-22 21:23:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-22 21:08:39 0 d-------- C:\Documents and Settings\Anthony\Application Data\Skype
2008-04-22 19:04:58 40 --a------ C:\WINDOWS\system32\profile.dat
2008-04-22 19:00:54 0 d-------- C:\Program Files\World of Warcraft
2008-04-14 23:14:07 0 d-------- C:\Documents and Settings\Anthony\Application Data\Mozilla
2008-04-13 06:00:27 0 d-------- C:\Documents and Settings\Anthony\Application Data\uTorrent
2008-04-12 16:05:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 21:58:43 0 d-------- C:\Program Files\VLC
2008-03-28 21:55:02 0 d-------- C:\Program Files\Xvid
2008-03-28 20:05:06 0 d-------- C:\Program Files\Common Files
2008-03-19 21:44:08 0 d-------- C:\Program Files\Creative
2008-03-19 21:43:14 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-19 21:43:14 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-03-19 21:43:11 0 d-------- C:\Documents and Settings\Anthony\Application Data\Creative
2008-03-16 16:54:40 0 d-------- C:\Program Files\The Sims 2 Open For Business
2008-03-14 18:21:55 0 d-------- C:\Documents and Settings\Anthony\Application Data\mIRC
2008-03-09 19:48:31 0 d-------- C:\Documents and Settings\Anthony\Application Data\Adobe
2008-03-09 17:51:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-06 19:37:23 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-04 00:06:34 0 d-------- C:\Program Files\Windows Live
2008-03-04 00:06:21 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 03:39:20 0 d-------- C:\Program Files\uTorrent
2008-02-25 21:03:44 0 d-------- C:\Program Files\DAEMON Tools
2008-02-23 18:55:12 0 d-------- C:\Program Files\Audible
2008-02-23 18:52:24 0 d--h----- C:\Program Files\Creative Installation Information
2008-02-23 18:51:50 0 d-------- C:\Program Files\Creative ZEN
2008-02-23 18:51:44 0 d-------- C:\Program Files\Common Files\Creative
2008-02-22 19:42:44 0 d-------- C:\Program Files\Opera


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [30/10/2006 13:44]
"36X Raid Configurer"="C:\WINDOWS\System32\JMRaidSetup.exe" [06/02/2007 13:08]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [21/05/2007 08:32]
"nwiz"="nwiz.exe" [21/05/2007 08:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [21/05/2007 08:32]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [02/06/2005 13:22 C:\WINDOWS\KHALMNPR.Exe]
"EPSON Stylus D88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [27/01/2005 07:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [19/07/2006 20:26]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [27/09/2006 21:33]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 16:30]
"CTHelper"="CTHELPER.EXE" [11/08/2006 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [30/12/2007 14:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA NTune\nTune\nTuneCmd.exe" [03/07/2007 12:32]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 18:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [18/09/2007 15:16]
"DU Meter"="C:\Program Files\DU Meter4\DUMeter.exe" [17/01/2008 20:40]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [02/11/2007 18:32:29]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [13/10/2007 07:15:21]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMSAccessU"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"UleadBurningHelper"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-22 21:24:49 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2046.42 MiB / 1351.83 MiB
Pagefile Memory (total/avail): 3938.68 MiB / 3411.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.28 MiB

C: is Fixed (NTFS) - 127.99 GiB total, 74.08 GiB free.
D: is Fixed (NTFS) - 337.77 GiB total, 152.16 GiB free.
E: is CDROM (UDF)
F: is Fixed (NTFS) - 465.76 GiB total, 435.59 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00TMA0 - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Installable File System - 337.77 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Symantec Client Firewall v8.7.4.97 (Symantec Corporation)
AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe:*:Enabled:LostPlanetDX10"
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe:*:Enabled:LostPlanetDX9"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\Morpheus\\Morpheus.exe"="D:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\Program Files\\World in Conflict\\wic.exe"="D:\\Program Files\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"D:\\Program Files\\World in Conflict\\wic_online.exe"="D:\\Program Files\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"D:\\Program Files\\World in Conflict\\wic_ds.exe"="D:\\Program Files\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"D:\\Program Files\\Sid Meier's Civilization 4\\Civilization4.exe"="D:\\Program Files\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="D:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="D:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="D:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="D:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\Beyond TV\\BTVRegistrationService.exe"="C:\\Program Files\\Beyond TV\\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
"C:\\Program Files\\Beyond TV\\BTVLibraryService.exe"="C:\\Program Files\\Beyond TV\\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
"C:\\Program Files\\Beyond TV\\BTVNetworkService.exe"="C:\\Program Files\\Beyond TV\\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
"C:\\Program Files\\Beyond TV\\BTVRecordingEngine.exe"="C:\\Program Files\\Beyond TV\\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
"C:\\Program Files\\Beyond TV\\BTVGuideDataLoader.exe"="C:\\Program Files\\Beyond TV\\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
"C:\\Program Files\\Beyond TV\\BTVSettingsService.exe"="C:\\Program Files\\Beyond TV\\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
"C:\\Program Files\\Beyond TV\\BTVTaskManagerService.exe"="C:\\Program Files\\Beyond TV\\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
"C:\\Program Files\\Beyond TV\\BTVD3DShell.exe"="C:\\Program Files\\Beyond TV\\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
"C:\\Program Files\\Beyond TV\\SetupWizard.exe"="C:\\Program Files\\Beyond TV\\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard"
"D:\\Program Files\\Dungeon Siege 2\\DungeonSiege2.exe"="D:\\Program Files\\Dungeon Siege 2\\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"D:\\Program Files\\Supreme Commander\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\Program Files\\Supreme Commander\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\\Program Files\\Supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\Program Files\\Supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\FrostWire\\FrostWire.exe"="D:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anthony\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TONY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anthony
LOGONSERVER=\\TONY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\Program Files\HijackThis;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Anthony\LOCALS~1\Temp
TMP=C:\DOCUME~1\Anthony\LOCALS~1\Temp
USERDOMAIN=TONY
USERNAME=Anthony
USERPROFILE=C:\Documents and Settings\Anthony
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Anthony (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AoA Audio Extractor 1.0 --> "D:\Program Files\AoA Audio Extractor\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Beyond TV DVD Burning Foundation --> MsiExec.exe /I{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}
CDBurnerXP --> "D:\Program Files\CDBurnerXP\unins000.exe"
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
Crusader 1.0 --> D:\Program Files\Fizzy\Crusader\uninst.exe
DAMN NFO Viewer 2.10.0031 RC3 --> MsiExec.exe /I{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}
Dekart Private Disk 2.05 --> RunDll32 advpack.dll,LaunchINFSection C:\PROGRA~1\Dekart\PRIVAT~1\dpd.inf, DefaultUninstall
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DMIView B06.1227.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
Dragonshard --> MsiExec.exe /I{85DF2C7E-183B-4153-9B89-36D0E239E2CB}
DU Meter --> "C:\Program Files\DU Meter4\unins000.exe"
Dungeon Siege 2 --> "D:\Program Files\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
EA AutoPatch --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\NPSPatch.isu
Empire Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
eMule --> "D:\Program Files\eMule\Uninstall.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ETC B07.0116.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6105B4-2A33-4ADB-89A0-F423D562F3B9}\setup.exe" -l0x9 -removeonly
EverQuest II: Play the Fae --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31EF8B2A-1332-4A0E-8B35-2E3491727922}\setup.exe" -l0x9 -removeonly
Face_Wizard B07.0307.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\setup.exe" -l0x9 -removeonly
FrostWire 4.13.5 --> D:\Program Files\FrostWire\Uninstall.exe
Garmin City Navigator Europe v9 --> MsiExec.exe /X{2697C026-58DE-4A42-83E5-5837C999630A}
Garmin MapSource --> MsiExec.exe /X{CF07A1C9-098F-47DD-99E0-B6558C33871B}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Half-Life --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\Half Life\Uninst.isu" -c"d:\Program Files\Half Life\HLUNINST.DLL"
Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV-PVR 150 Drivers --> C:\PROGRA~1\WinTV\UNpvr48.EXE C:\PROGRA~1\WinTV\pvr26xxx.LOG
Hauppauge WinTV Infrared Remote --> C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV IR Blaster --> C:\PROGRA~1\WinTV\UNirblst.EXE C:\PROGRA~1\WinTV\IRblast.LOG
Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "D:\Program Files\Diablo II\Editor\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
i-Cool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28184E01-D57A-4933-A09B-F65403F16D82}\setup.exe" -l0x9 -uninst -removeonly
ImTOO AVI to DVD Converter --> D:\Program Files\AVI to DVD Converter\Uninstall.exe
InterVideo FilterSDK for Hauppauge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kazaa Lite Resurrection 0.0.9 --> "D:\Program Files\Kazaa Lite Resurrection\unins000.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Lost Planet: Extreme Condition --> "C:\Program Files\Steam\steam.exe" steam://uninstall/6510
MakeTorrent v2.1 --> "C:\Program Files\Maketorrent 2\uninstall.exe"
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
MediaMonkey Script: TweakMonkey v1.0 --> "C:\Program Files\MediaMonkey\unins001.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Might and Magic® VI --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\Might and Magic VI\Uninst.isu"
Might and Magic® VII --> C:\WINDOWS\IsUninst.exe -f"d:\program files\Might and Magic VII\Uninst.isu" -c"d:\program files\Might and Magic VII\uninst.dll
Might and Magic® VIII: Day of the Destroyer™ --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Might and Magic VIII\Uninst.isu" -c"D:\Program Files\Might and Magic VIII\uninst.dll
mIRC --> D:\Program Files\mIRC\uninstall.exe _?=D:\Program Files\mIRC
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
nanoPEG-Editor 2.3 Hauppauge Edition --> "C:\Program Files\nanocosmos\MPEG-Tools for Hauppauge\Editor2\unins000.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Online Manuals for WinTV (English) --> C:\PROGRA~1\WinTV\UNTVmans.exe C:\PROGRA~1\WinTV\WinTVMan.LOG
Opera 9.26 --> MsiExec.exe /X{9894D22D-0558-41D9-95FC-8E9BFD6E8170}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Populous: The Beginning --> C:\WINDOWS\IsUninst.exe -f"d:\program files\Populous\Uninst.isu" -c"d:\program files\Populous\uninst.dll"
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
Privoxy 3.0.6 --> "D:\Program Files\Tor\Uninstall.exe"
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Rappelz_USA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnapStream Beyond TV 4.6.1 --> "C:\Program Files\Beyond TV\uninstall-btv.exe"
SnapStream Firefly Mini 1.0.2 --> "C:\Program Files\SnapStream Media\Firefly Mini\Uninstall.exe"
SoulSeekkor's TQ Defiler --> MsiExec.exe /I{A111D34B-7021-44CE-BEFB-3C17688F463B}
SoundFont Bank Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> D:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Symantec Client Security --> MsiExec.exe /I{0698CECB-9072-47B1-AEA1-94CA350989B8}
TA Conflict Crusher --> D:\Program Files\TOTALA\TACC\uninstall.exe
THE SETTLERS - Rise of an Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims 2 --> D:\Program Files\The Sims 2\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\The Sims 2 Open For Business\EAUninstall.exe
The Witcher --> "C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Tor 0.1.2.19 --> "D:\Program Files\Tor\Uninstall.exe"
Torrent Episode Downloader --> MsiExec.exe /I{1D319C1D-C857-4AD1-9F37-7F9A33726683}
Total Annihilation --> D:\PROGRAM FILES\TOTALA\setup.exe -u
Total Annihilation - Battle Tactics --> D:\PROGRA~1\TOTALA\tabtunst.exe D:\PROGRA~1\TOTALA
Total Annihilation - Core Contingency --> D:\PROGRA~1\TOTALA\CC\CCQUERY.EXE
TQVault --> MsiExec.exe /I{51592501-CFCE-4570-A0B8-8B14E40BF23A}
Ulead DVD MovieFactory 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vidalia 0.0.16 --> "D:\Program Files\Tor\Uninstall.exe"
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VLC\uninstall.exe
VTPlus32 for WinTV (English) --> C:\PROGRA~1\vtplus\UNVTplus.exe C:\PROGRA~1\vtplus\VTPlus.LOG
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
X - Beyond the Frontier --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\X - Beyond the Frontier\Uninst.isu"
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type6172 / Error
Event Submitted/Written: 04/21/2008 01:06:14 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EverQuest2.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6149 / Error
Event Submitted/Written: 04/19/2008 11:55:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application oblivion.exe, version 1.2.0.416, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [oblivion.exe!ws!]

Event Record #/Type6125 / Warning
Event Submitted/Written: 04/18/2008 10:36:43 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 15 files inside C:\Documents and Settings\Anthony\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeExtensionManager1.8All\AdobeExtensionManager1.8All1.cab due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type6124 / Warning
Event Submitted/Written: 04/18/2008 10:36:39 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 68 files inside C:\Documents and Settings\Anthony\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDreamweaver9en_US\AdobeDreamweaver9en_US1.cab due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type6123 / Warning
Event Submitted/Written: 04/18/2008 10:36:17 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 12 files inside C:\Documents and Settings\Anthony\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll1.cab due to extraction errors encountered by the Decomposer Engines.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12513 / Error
Event Submitted/Written: 04/22/2008 07:06:32 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Logitech Bluetooth Service service failed to start due to the following error:
%%2

Event Record #/Type12509 / Error
Event Submitted/Written: 04/22/2008 07:04:56 PM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom0, is not ready for access yet.

Event Record #/Type12508 / Error
Event Submitted/Written: 04/22/2008 07:04:55 PM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom0, is not ready for access yet.

Event Record #/Type12507 / Error
Event Submitted/Written: 04/22/2008 07:04:54 PM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom0, is not ready for access yet.

Event Record #/Type12506 / Error
Event Submitted/Written: 04/22/2008 07:04:53 PM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom0, is not ready for access yet.



-- End of Deckard's System Scanner: finished at 2008-04-22 21:24:49 ------------

#2 pskelley

  • Members
  • 1,487 posts
  • Gender:Male

Posted 09 May 2008 - 11:29 AM

There is no evidence of a keylogger in the HJT log. If you still believe one may be installed, return to #5 in the preparation guide. Scan your computer with the Kaspersky Online Scanner in the Preparation Guide and post those results.

I apologize for the wait; we have a large number of logs and a limited number of volunteers to respond. If you have not yet resolved your issue, post a new HJT log and I will take a look. Copy/paste your log; do not attach it. If I do not hear from you in a couple of days, I will assume you no longer need help and close the topic.

Thanks for your patience.

pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006



