Infected With Vundo Trojan


This topic is locked
55 replies to this topic

#1 funnytim
Posted 25 April 2008 - 01:55 AM

Hi,

I've been referred here by this topic: http://www.bleepingcomputer.com/forums/t/143254/wasam-infected/.

The problem is that apparently I'm infected by the "Vundo Trojan", picked up by Malwarebytes Anti-Malware. MAM reports it removed, but upon restart, it still shows the Trojan when I scan it again.
The past few times I've run MAM, it now reports "clean", but the computer is still slow. Also, I cannot install Super Anti-Spyware (as directed previously):

I still cannot install SAS... I get the error msg saying Admin has set policies that don't allow me to install, even though I'm in an admin account (as I mentioned earlier) (screenshot: http://img131.imageshack.us/my.php?image=a...serrorym9.png)



And the computer is "half" in safe mode, even though I've selected "boot normally".

And it's changed to "Windows classic theme"...I can't get back the "Win XP" style theme.
And on the welcome screen, the limited accounts have disappeared. Only the admin accounts exist (like in safe mode, but I'm not in SM). However, some programs like Network Magic report the program "cannot be started in safe mode". This "non-XP normal style" happened after I first did a MAM scan in safe mode. It found the infection, rebooted, then this "non-XP normal style" started happening.



Here is my HijackThis log:


----------------------START-------------------------


Deckard's System Scanner v20071014.68
Run by Timothy Leung on 2008-04-24 23:29:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-04-25 06:30:01 UTC - RP77 - Deckard's System Scanner Restore Point
8: 2008-04-24 06:35:37 UTC - RP76 - Last known good configuration
7: 2008-04-24 06:35:36 UTC - RP75 - Last known good configuration
6: 2008-04-24 06:35:36 UTC - RP74 - Last known good configuration
5: 2008-04-24 06:35:36 UTC - RP73 - Last known good configuration


-- First Restore Point --
1: 2008-04-24 06:35:34 UTC - RP69 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Timothy Leung.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-24 23:31:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Monitor Control\MonitorControl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\vbuzzer\VBuzzer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HDDlife\HDDlifePro.exe
C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\hicdeject.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Timothy Leung\.nx\plugin\Windows\bin\NXWin.exe
C:\Documents and Settings\Timothy Leung\.nx\plugin\Windows\bin\nxssh.exe
C:\Documents and Settings\Timothy Leung\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 125.245.81.226:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3762B068-17B9-45A0-8A6D-BB7CA99A2032} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D} - C:\WINDOWS\system32\rqRLfgHY.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
O4 - Startup: hicdeject.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html
O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html
O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html
O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTåxt.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://67.228.105.102/msrdp.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program Files\Traffic Shaper XP\Server\bcserver.service
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe


--
End of file - 16105 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys
R1 NetPeeker - c:\windows\system32\drivers\netpeeker.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys
R1 SLEE_13_DRIVER (Steganos Live Encryption Engine 13 [Driver]) - c:\windows\system32\drivers\slee13.sys
R1 YapperNutVirtualAudioCable (YapperNut Virtual Audio Cable) - c:\windows\system32\drivers\ynvackmd.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys
R3 Bcim (Bandwidth Controller kernel component) - c:\windows\system32\drivers\bcim.sys
R3 HCWBT8xx (Hauppauge WinTV 848/9 WDM Video Driver) - c:\windows\system32\drivers\hcwbt8xx.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys

S2 TICalc - c:\windows\system32\drivers\ticalc.sys
S2 UltraMonUtility (UltraMon Utility Driver) - c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys
S3 BTCOMM - c:\windows\system32\drivers\btcomm.sys (file missing)
S3 BTKRNBDG (Bluetooth COM Bridge) - c:\windows\system32\drivers\btkrnbdg.sys (file missing)
S3 CSRBC01 (%CSRBC01.SvcDesc%) - c:\windows\system32\drivers\csrbc01.sys (file missing)
S3 FT8591 (FT8591 Filter) - c:\windows\system32\drivers\ft8591.sys
S3 KS-959 (Kingsun KS-959 USB Infrared Adapter) - c:\windows\system32\drivers\ks-959.sys
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys
S3 vad_multi (Windigo Virtual Audio Device (WDM)) - c:\windows\system32\drivers\vadmulti.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" (file missing)
S2 bcserver (Traffic Shaper XP Server) - c:\program files\traffic shaper xp\server\bcserver.service
S2 Bonjour Service - c:\program files\gizmo5\mdnsresponder.exe
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
S2 Steganos AntiTheft - c:\windows\system32\\satsrv.exe
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 18:54:04 280 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-04-22 18:53:32 354 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-04-18 17:30:13 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-24 21:11:17 0 d-------- C:\VundoFix Backups
2008-04-23 21:29:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-04-23 21:28:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-23 21:28:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Realtime Soft
2008-04-23 21:28:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-23 21:28:26 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-23 21:28:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-23 21:28:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-23 21:28:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-23 21:28:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-23 21:28:25 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-23 18:51:39 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Malwarebytes
2008-04-23 18:51:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 18:51:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 18:49:06 0 d--hs---- C:\WINDOWS\CSC
2008-04-23 00:08:22 0 d-------- C:\HJT
2008-04-22 21:00:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Symantec
2008-04-22 18:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-22 18:42:14 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Uniblue
2008-04-22 18:41:48 0 d-------- C:\Program Files\Uniblue
2008-04-22 17:41:12 7964 --a------ C:\WINDOWS\system32\djrpojmu.dll
2008-04-22 17:40:14 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-21 23:59:46 200307 --ahs---- C:\WINDOWS\system32\KUENonmp.ini2
2008-04-21 23:59:16 0 d-------- C:\Program Files\Norton Ghost
2008-04-18 01:18:59 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-17 22:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-15 23:29:56 0 d-------- C:\Program Files\Pure Networks
2008-04-05 23:37:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-05 22:20:49 0 d-------- C:\Program Files\SJphone
2008-04-05 19:57:26 57344 --a------ C:\WINDOWS\system32\FaxMonitor.dll
2008-04-05 19:57:26 245760 --a------ C:\WINDOWS\system32\FaxHelper.exe
2008-04-05 19:57:24 0 d-------- C:\Program Files\vbuzzer
2008-04-04 22:48:54 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Gizmo5
2008-04-04 22:48:46 0 d-------- C:\Program Files\Gizmo5
2008-04-02 23:18:35 0 d-------- C:\Program Files\Cirond
2008-04-02 22:38:33 0 d-------- C:\Program Files\Spectec
2008-04-02 22:15:28 0 d-------- C:\iPAQ
2008-04-02 17:48:34 0 d-------- C:\Program Files\GOPC
2008-04-01 18:50:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Rokario
2008-04-01 18:50:02 0 d-------- C:\Program Files\Bandwidth Monitor
2008-04-01 18:10:51 0 d-------- C:\Program Files\OpenVideoConverter
2008-03-31 19:29:01 0 d-------- C:\Program Files\Aspecto Software
2008-03-31 19:16:00 0 d-------- C:\Program Files\PocketPC
2008-03-30 21:46:26 90112 --a------ C:\WINDOWS\unvise32.exe
2008-03-30 21:44:02 0 d-------- C:\Program Files\Handmark
2008-03-30 21:33:39 0 d-------- C:\Program Files\Astraware
2008-03-30 00:03:18 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-03-30 00:02:51 0 d-------- C:\WINDOWS\system32\Cache
2008-03-30 00:00:41 0 d-------- C:\Inetpub
2008-03-29 17:10:12 0 d-------- C:\Program Files\Home Ftp Server
2008-03-29 16:41:56 0 d-------- C:\ftproot
2008-03-29 14:32:29 0 d-------- C:\Program Files\File Splitter Deluxe
2008-03-28 23:49:30 0 d-------- C:\Program Files\Steganos Security Suite 2006
2008-03-27 21:40:01 0 d-------- C:\Program Files\Card and Invitation maker


-- Find3M Report ---------------------------------------------------------------

2008-04-24 21:19:02 0 d-------- C:\Program Files\PowerISO
2008-04-22 22:36:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Skype
2008-04-22 22:19:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\skypePM
2008-04-22 00:20:08 0 d-------- C:\Program Files\PeerGuardian2
2008-04-22 00:20:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\uTorrent
2008-04-21 23:59:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 23:52:42 0 d-------- C:\Program Files\MagicISO
2008-04-20 18:58:52 56664 --a------ C:\Documents and Settings\Timothy Leung\Application Data\GDIPFONTCACHEV1.DAT
2008-04-19 23:17:28 0 d-------- C:\Program Files\IncrediMail
2008-04-19 17:49:47 0 d-------- C:\Program Files\Image for Windows
2008-04-15 23:30:19 0 d-------- C:\Program Files\DIFX
2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files
2008-04-13 20:31:03 0 d-------- C:\Program Files\eMule
2008-04-07 23:01:27 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Vso
2008-04-06 16:05:16 0 d-------- C:\Program Files\Skype
2008-04-05 22:42:42 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-31 21:53:35 0 d-------- C:\Program Files\MSN Messenger
2008-03-31 21:53:35 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-23 16:30:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-19 18:30:57 0 d-------- C:\Program Files\CloneCD
2008-03-19 12:26:47 0 d-------- C:\Program Files\Microsoft Games
2008-03-13 16:50:13 0 d-------- C:\Program Files\Traffic Shaper XP
2008-03-12 21:14:17 0 d-------- C:\Program Files\NetPeeker
2008-03-12 21:07:59 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Locktime
2008-03-09 15:59:06 0 d-------- C:\Program Files\DVD Decrypter
2008-03-09 14:45:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Real
2008-03-06 00:51:26 0 d-------- C:\Program Files\Password Revealer
2008-03-06 00:18:21 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\VoipBuster
2008-02-27 23:02:56 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Sports Interactive


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3762B068-17B9-45A0-8A6D-BB7CA99A2032}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D}]
C:\WINDOWS\system32\rqRLfgHY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [05/14/2005 06:23 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [03/20/2007 11:49 PM C:\WINDOWS\RTHDCPL.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [01/23/2007 02:26 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM C:\WINDOWS\system32\bthprops.cpl]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 01:21 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [03/14/2007 03:42 PM]
"Microsoft Updates"="svehost.exe" []
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [01/19/2008 08:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM]
"Softany Monitor Control"="C:\Program Files\Monitor Control\MonitorControl.exe" [08/09/2005 08:13 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [08/21/2007 11:39 PM]
"Vbuzzer Messenger"="C:\Program Files\vbuzzer\VBuzzer.exe" [03/13/2008 08:36 AM]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [06/19/2006 05:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS2006"="C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot

C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/31/2007 11:37:39 PM]
HDDlife.lnk - C:\Program Files\HDDlife\HDDlifePro.exe [11/11/2006 7:07:10 PM]
hicdeject.exe [8/2/2004 10:31:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [7/28/2007 10:33:58 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk
backup=C:\WINDOWS\pss\Beyond TV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy Leung^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\Deskjet F335\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
"C:\Program Files\iCall\iCall.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Program Files\Skype\TalkAndWrite\talkandwrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster\VoipBuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-24 23:32:29 ------------





The Extra.txt info:



---------------------------------START----------------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1918.41 MiB / 1250.08 MiB
Pagefile Memory (total/avail): 3811.65 MiB / 3255.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.04 MiB

C: is Fixed (NTFS) - 80 GiB total, 13.76 GiB free.
D: is Fixed (NTFS) - 90 GiB total, 50.1 GiB free.
E: is Fixed (NTFS) - 35 GiB total, 2.49 GiB free.
F: is Fixed (NTFS) - 27.88 GiB total, 0.34 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-55NCB1 - 232.88 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 80 GiB - C:
\PARTITION1 - Installable File System - 90 GiB - D:
\PARTITION2 - Installable File System - 35 GiB - E:
\PARTITION3 - Installable File System - 27.88 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iCall\\iCall.exe"="C:\\Program Files\\iCall\\iCall.exe:*:Enabled:iCall"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Beyond TV\\BTVRegistrationService.exe"="C:\\Program Files\\Beyond TV\\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
"C:\\Program Files\\Beyond TV\\BTVWebServiceProxy.exe"="C:\\Program Files\\Beyond TV\\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
"C:\\Program Files\\Beyond TV\\BTVLibraryService.exe"="C:\\Program Files\\Beyond TV\\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
"C:\\Program Files\\Beyond TV\\BTVNetworkService.exe"="C:\\Program Files\\Beyond TV\\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
"C:\\Program Files\\Beyond TV\\BTVRecordingEngine.exe"="C:\\Program Files\\Beyond TV\\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
"C:\\Program Files\\Beyond TV\\BTVGuideDataLoader.exe"="C:\\Program Files\\Beyond TV\\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
"C:\\Program Files\\Beyond TV\\BTVSettingsService.exe"="C:\\Program Files\\Beyond TV\\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
"C:\\Program Files\\Beyond TV\\BTVTaskManagerService.exe"="C:\\Program Files\\Beyond TV\\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
"C:\\Program Files\\Beyond TV\\BTVD3DShell.exe"="C:\\Program Files\\Beyond TV\\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Cerberus FTP server\\Cerberus.exe"="C:\\Program Files\\Cerberus FTP server\\Cerberus.exe:*:Enabled:Cerberus FTP Server"
"C:\\Program Files\\Gizmo5\\mDNSResponder.exe"="C:\\Program Files\\Gizmo5\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Gizmo5\\Gizmo5.exe"="C:\\Program Files\\Gizmo5\\Gizmo5.exe:*:Enabled:Gizmo5"
"C:\\Program Files\\vbuzzer\\VBuzzer.exe"="C:\\Program Files\\vbuzzer\\VBuzzer.exe:*:Enabled:VBuzzer Messenger"
"C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\Temporary Directory 2 for Incredimail + Patches.zip\\magentic_installBuild 296.exe"="C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\Temporary Directory 2 for Incredimail + Patches.zip\\magentic_installBuild 296.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\ImInstaller\\Magentic\\magentic_installBuild 296.exe"="C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\ImInstaller\\Magentic\\magentic_installBuild 296.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\IncMail_old.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail_old.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Timothy Leung\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LEUNG-38FC9C6D6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GTK_BASEPATH=C:\Program Files\Common Files\GTK\2.0
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Timothy Leung
LOGONSERVER=\\LEUNG-38FC9C6D6
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;%SystemRoot%;%SystemRoot%\system32;%SystemRoot%\system32\Wbem;C:\Windows\system32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp
ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en
USERDOMAIN=LEUNG-38FC9C6D6
USERNAME=Timothy Leung
USERPROFILE=C:\Documents and Settings\Timothy Leung
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Timothy Leung (admin)
Other Users
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3D Driving-School --> "C:\Games\3D Driving-School\uninstall.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Amy --> MsiExec.exe /I{AE2C5C63-8B2A-4889-8443-4E224D685648}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Aplus Video To Pocket PC Converter 8.28 --> "C:\Program Files\Aplus Video To Pocket PC Converter\unins000.exe"
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Astraware Sudoku for Pocket PC --> C:\Program Files\Astraware\Astraware Sudoku for Pocket PC\uninst.exe
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVI Splitter --> "C:\Program Files\avisplit\unins000.exe"
AviSplit Classic Version 1.43 --> "C:\Program Files\AviSplit classic\unins000.exe"
Bandwidth Monitor --> "C:\Program Files\Bandwidth Monitor\unins000.exe"
Burn To The Brim 2.9.0 --> "C:\Program Files\Burn To The Brim\uninstall.exe"
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD MP3 Burner 2.15 --> "C:\Program Files\CD MP3 Burner\unins000.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Cheat Engine 5.2 --> "C:\Program Files\Cheat Engine\unins000.exe"
CloneCD --> "C:\Program Files\CloneCD\ccd-uninst.exe" /D="C:\Program Files\CloneCD"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 2.1.5.173 --> "C:\Program Files\ConvertXtoDVD\unins000.exe"
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Disk Doctors Instant File Recovery 1.0.1 --> "C:\Program Files\Disk Doctors Instant File Recovery\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD-lab PRO 1.53 --> "C:\Program Files\DVDlabPro\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVDStyler v1.5.1 --> "C:\Program Files\DVDStyler\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
File Splitter Deluxe (Trial) --> "C:\Program Files\File Splitter Deluxe\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
FreeUndelete --> C:\Program Files\FreeUndelete\GLF261.exe /handle:fru
fring --> C:\Program Files\Microsoft ActiveSync\fring\Uninstall.exe fring
Gizmo5 --> C:\Program Files\Gizmo5\uninst.exe
GM Hockey 2.1 --> "C:\Games\GM Hockey\unins000.exe"
GOPC 3.1 --> N:\GOPC\uninst.exe
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTK+ 2.8.8 RC2 English --> "C:\Program Files\Common Files\GTK\unins000.exe"
Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV Infrared Remote --> C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\SCHEDU~1\UNWISE.EXE C:\PROGRA~1\WinTV\SCHEDU~1\INSTALL.LOG
Hauppauge WinTV Soft PVR --> C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
Hauppauge WinTV Source Selector --> C:\PROGRA~1\WinTV\UNtvsel.EXE C:\PROGRA~1\WinTV\WINTVsel.LOG
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HDDlife --> MsiExec.exe /I{E094AAD6-A0A8-4AE3-B4FE-2321D693C73F}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
Home Ftp Server 1.4.5.89 --> "C:\Program Files\Home Ftp Server\unins000.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iCall --> "C:\Program Files\iCall\unins000.exe"
Image for Windows 1.70a --> "C:\Program Files\Image for Windows\unins000.exe"
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LaserJet 1018 --> C:\Program Files\Zenographics\{96B4BCBB-EA38-462E-813A-C6C3F44E420D}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Let's Make --> C:\Program Files\Card and Invitation maker\unstall.exe
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Virtual PC 2004 --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Splitter version 2.2 --> "C:\Program Files\Mpeg splitter\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need For Speed Hot Pursuit 2 --> C:\Games\EA SPORTS\NFS Hot Pursuit 2\EAUninstall.exe
Nero 7 Essentials --> MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1033}
NeroVision Express 3 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NetPeeker 2.83 --> C:\Program Files\NetPeeker\uninstall.exe cfg="C:\Program Files\NetPeeker\UNINSTALL.CFG" /all
Network Magic --> MsiExec.exe /X{D5773BFA-5967-4A1C-AD0F-FFFD0D13FC36}
NHL® 08 --> MsiExec.exe /X{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}
NHL07 --> C:\Games\EA SPORTS\NHL07\EAUninstall.exe
NJStar Communicator --> "C:\Program Files\NJStar Communicator\Remove.exe" /U:"C:\Program Files\NJStar Communicator\Remove.log"
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014}
OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Open Video Converter version 3.0.1 --> "C:\Program Files\OpenVideoConverter\unins000.exe"
Opera 9.22 --> MsiExec.exe /X{7AF56274-3D8C-4CCE-AD7A-25FD4D27B9F3}
OptiNet (remove only) --> "C:\Program Files\OptiNet\uninst.exe"
OSMEIP Version 0.1 Gamma Edition --> "C:\Program Files\MacEmu\unins000.exe"
OutPosted --> "C:\Program Files\OutPosted\unins000.exe"
Pamela Basic 4.0 --> C:\Program Files\Pamela\Uninst.exe
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PearPC Control Panel --> MsiExec.exe /I{0BFAC643-2440-43E3-8E5A-CA24EC350E0D}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Photo to VCD SVCD DVD Converter 2.1 --> "C:\Program Files\Photo to VCD SVCD DVD Converter\unins000.exe"
Photo2VCD Professional --> "C:\Program Files\Photo2VCD Professional\unins000.exe"
pocketWiNc --> MsiExec.exe /I{3AC7C227-1346-488C-9D7E-D803CED1EA8A}
pocketWinc --> MsiExec.exe /I{DD4BD7B7-C36C-41E2-B2CE-4EA999946496}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PPC 2003 - MSN ® Messenger Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CF56B6FC-F26B-4493-802B-2E5EA74DC775}
PS to USB convert cable --> C:\PROGRA~1\PSTOUS~1\UNWISE.EXE C:\PROGRA~1\PSTOUS~1\INSTALL.LOG
Quick AVI MPEG Joiner v2.0 --> "C:\Program Files\Quick AVI MPEG Joiner\unins000.exe"
Quick MPEG Splitter v2.0 --> "C:\Program Files\Quick MPEG Splitter\unins000.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RamBooster --> C:\Program Files\RamBooster 2.0\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
SDP Downloader --> MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
Shutter --> "C:\Program Files\Shutter\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Skype™ for Pocket PC 2.2 --> "C:\Program Files\Skype\Pocket PC\unins000.exe"
SnapStream Beyond TV 4.1.0 --> "C:\Program Files\SnapStream Media\Beyond TV\uninstall-btv.exe"
Softany Monitor Control 2.04 --> "C:\Program Files\Monitor Control\unins000.exe"
Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
Spb Full Screen Keyboard --> C:\Program Files\Microsoft ActiveSync\Spb Full Screen Keyboard\Uninstall.exe Spb Full Screen Keyboard
Spb Mobile DVD --> MsiExec.exe /X{A958E835-BDF0-473F-9DC1-0D952C941625}
Spectec SDIO WLAN-11b Card for PPC2003 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{81E035F2-E035-411E-9A3B-58D76BB94CC4} /l1033
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steganos Security Suite 2006 (8.0.6) --> C:\Program Files\Steganos Security Suite 2006\uninstall.exe
SWFText --> C:\PROGRA~1\SWFText\UNWISE.EXE C:\PROGRA~1\SWFText\INSTALL.LOG
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
TalkAndWrite --> "C:\Program Files\Skype\TalkAndWrite\unins000.exe"
Text Twist for Pocket PC --> C:\Program Files\Astraware\Text Twist for Pocket PC\uninst.exe
TI-Black Link --> C:\PROGRA~1\TIEDUC~1\BLACKL~1\Unwise.exe /U /Z C:\PROGRA~1\TIEDUC~1\BLACKL~1\Install.log
TI-Graph Link 83 Plus --> C:\PROGRA~1\TIEDUC~1\TI-GRA~1\UNWISE.EXE /U /Z C:\PROGRA~1\TIEDUC~1\TI-GRA~1\Install.log
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TMPGEnc DVD Author 1.5 --> MsiExec.exe /I{F836B31F-4E5C-4DCB-88D7-6F9714B21D83}
TMPGEnc MPEG Editor 2.0 --> MsiExec.exe /I{06607A48-98DC-48F9-922F-40FD2D7FF6D1}
Traffic Shaper XP Client --> C:\Program Files\Traffic Shaper XP\Client\Uninstall.exe
Traffic Shaper XP Server --> C:\Program Files\Traffic Shaper XP\Server\Uninstall.exe
TranCreative Remote Keyboard (Desktop and Pocket PC) --> "C:\Program Files\Remote Keyboard\unins000.exe"
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trivial Pursuit® Handheld Edition for Windows Mobile Pocket PC --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Trivial Pursuit for Pocket PC\uninstal.log
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ultra Video Splitter 3.4.4 --> "C:\Program Files\Ultra Video Splitter\unins000.exe"
UltraMon --> MsiExec.exe /I{9CDA9CA7-C5F0-4308-B160-6A477D900D6D}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Vbuzzer Messenger --> C:\Program Files\vbuzzer\uninstall.exe
WiFiFoFum --> MsiExec.exe /I{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}
Win AVI HelixSDK --> "C:\Program Files\WinAVIVideoConverter\HelixSDK\unins000.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/23/2007 4.1.7082.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_5F686DCD97D2EA9F74BD89FAA7E73B89CD47B120\pnarp.inf
Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/23/2007 4.1.7082.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_9DF8D460DEEF667AF7B1AA85404140673EC025C2\purendis.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type26514 / Error
Event Submitted/Written: 04/24/2008 10:15:45 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type26513 / Error
Event Submitted/Written: 04/24/2008 10:15:40 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type26510 / Error
Event Submitted/Written: 04/24/2008 09:50:09 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type26506 / Error
Event Submitted/Written: 04/24/2008 09:32:19 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type26502 / Error
Event Submitted/Written: 04/24/2008 09:23:05 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24369 / Error
Event Submitted/Written: 04/24/2008 09:50:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type24368 / Error
Event Submitted/Written: 04/24/2008 09:50:47 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type24367 / Error
Event Submitted/Written: 04/24/2008 09:50:46 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type24366 / Error
Event Submitted/Written: 04/24/2008 09:50:45 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type24365 / Error
Event Submitted/Written: 04/24/2008 09:50:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}



-- End of Deckard's System Scanner: finished at 2008-04-24 23:32:29 ------------
Thanks very much in advance for your help
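Two of the error families in the event logs above describe a specific machine state rather than "an infection": MsiInstaller event 1008 means an MSI was refused by Software Restriction Policy (SRP), and DCOM event 10005 reports error 1084 for PcCtlCom, which is the Win32 error "This service cannot be started in Safe Mode". The following PowerShell is an added example written for this page; it is not part of the thread, of Deckard's System Scanner, or of any product named in the log. It assumes the documented Safer registry layout under HKLM and HKCU, Windows PowerShell 2.0 or later, and an elevated prompt for HKLM. The list of "broad" path targets it flags is this example's own heuristic.

```powershell
# Added example, not part of the original thread or of Deckard's System Scanner: a
# read-only look at the two conditions the posted event logs point at. MsiInstaller
# event 1008 says an MSI was refused by Software Restriction Policy (SRP); DCOM event
# 10005 reports error 1084 ("This service cannot be started in Safe Mode") for PcCtlCom.
# Assumes the documented Safer registry layout, Windows PowerShell 2.0 or later, and an
# elevated prompt for HKLM. The "broad target" list is this example's own heuristic.

$SaferLevels = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained';
                  131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SaferLevelName($Level) {
    if ($Level -eq $null) { return 'not set (Unrestricted by default)' }
    $n = [int]$Level
    if ($SaferLevels.ContainsKey($n)) { return $SaferLevels[$n] }
    return ('unknown (0x{0:X})' -f $n)
}

function Test-BroadTarget([string]$Target) {
    # Heuristic: a Disallowed rule on one of these roots blocks every installer, not one product.
    if ([string]::IsNullOrEmpty($Target)) { return $false }
    # strip a trailing "\*" or "\" so "C:\", "C:\*" and "C:" compare equal
    $t = $Target.Trim().ToLowerInvariant() -replace '\\\*$', '' -replace '\\$', ''
    return @('*', '*.msi', '*.exe', 'c:', '%systemdrive%', '%systemroot%', '%windir%',
             '%programfiles%', '%homedrive%') -contains $t
}

function Get-SrpRules([string]$Hive) {
    # One object per rule under <Hive>\...\Safer\CodeIdentifiers\<level>\{Paths,Hashes}\{guid}
    $base = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    $rules = @()
    if (-not (Test-Path $base)) { return $rules }
    foreach ($levelKey in @(Get-ChildItem -Path $base -ErrorAction SilentlyContinue)) {
        $levelValue = 0
        if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelValue)) { continue }
        foreach ($kind in 'Paths', 'Hashes') {
            $kindPath = Join-Path $levelKey.PSPath $kind
            if (-not (Test-Path $kindPath)) { continue }
            foreach ($ruleKey in @(Get-ChildItem -Path $kindPath -ErrorAction SilentlyContinue)) {
                $p = Get-ItemProperty -Path $ruleKey.PSPath -ErrorAction SilentlyContinue
                # path rules carry the pattern in ItemData; hash rules carry the hash and a FriendlyName
                $target = if ($kind -eq 'Paths') { $p.ItemData } else { $p.FriendlyName }
                $r = New-Object PSObject
                $r | Add-Member NoteProperty Level (Get-SaferLevelName $levelValue)
                $r | Add-Member NoteProperty Kind $kind
                $r | Add-Member NoteProperty RuleId $ruleKey.PSChildName
                $r | Add-Member NoteProperty Target $target
                $r | Add-Member NoteProperty Description $p.Description
                $rules += $r
            }
        }
    }
    return $rules
}

function Get-SrpFindings {
    $findings = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $base)) { Write-Host "${hive}: no SRP policy key"; continue }
        $ci = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
        $default = Get-SaferLevelName $ci.DefaultLevel
        # PolicyScope 1 exempts local administrators; 0 (or absent) applies to everyone
        $scope = if ($ci.PolicyScope -eq 1) { 'all users except local administrators' } else { 'all users, administrators included' }
        Write-Host "${hive}: DefaultLevel=$default; applies to $scope; TransparentEnabled=$($ci.TransparentEnabled)"
        if ($default -eq 'Disallowed') {
            $findings += "$hive default level is Disallowed: anything without an explicit allow rule, MSI files included, is refused (MsiInstaller event 1008)"
        }
        foreach ($r in (Get-SrpRules $hive)) {
            Write-Host ("  [{0}] {1} rule {2} -> {3} ({4})" -f $r.Level, $r.Kind, $r.RuleId, $r.Target, $r.Description)
            if ($r.Level -eq 'Disallowed' -and $r.Kind -eq 'Paths' -and (Test-BroadTarget $r.Target)) {
                $findings += "$hive has a Disallowed path rule on '$($r.Target)', which blocks far more than one product"
            }
        }
    }
    # SafeBoot\Option is created by the kernel for a safe-mode boot; services that refuse to
    # run there fail with error 1084, exactly what DCOM 10005 logged for PcCtlCom.
    $opt = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option' -ErrorAction SilentlyContinue
    if ($opt -ne $null) {
        $modes = @{ 1 = 'Minimal'; 2 = 'Network' }
        $findings += "SafeBoot\Option is present (OptionValue=$($opt.OptionValue), $($modes[[int]$opt.OptionValue])): Windows reports a safe-mode boot"
    }
    return $findings
}

Get-SrpFindings | ForEach-Object { Write-Host "FINDING: $_" }
```

Run it from an elevated prompt on the affected machine. A Disallowed DefaultLevel that applies to administrators, or a Disallowed path rule on a root such as `C:\` or `*.msi`, accounts for the MsiInstaller 1008 entries on its own; if neither hive shows anything of the kind, the 1008 errors need another explanation. SafeBoot\Option being present on a boot that was meant to be normal is the thing to chase for the repeated 1084 failures, since every service marked "not in safe mode" will keep failing until the machine genuinely boots normally.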

#2 Rahina (Security Helper)

Posted 25 April 2008 - 03:26 PM

Hello and Welcome!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove Programs in the Control Panel and remove either Trend Micro, Steganos Security Suite 2006, or Symantec/Norton.

If you have paid for all these products, then it is too bad.

Please only leave one antivirus and one firewall installed. It looks like you have a few of those security suites, so choose one of those and uninstall the rest, because you won't need them.

Let me know when you are done :thumbsup:
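A quick way to confirm what the post above describes, more than one resident scanner or firewall registered at the same time, is to ask Windows Security Center instead of reading through Add/Remove Programs. The following PowerShell is an added example written for this page, not code from the thread or from any of the products named in it. It assumes WMI is reachable locally and that the machine exposes either the XP-era root\SecurityCenter namespace (separate boolean fields per product) or the later root\SecurityCenter2 namespace (a packed productState value); the productState bit layout it decodes is the commonly documented one and is marked as an assumption in the code.

```powershell
# Added example, not part of the original thread: list what Windows Security Center knows
# about installed antivirus and firewall products, so the "more than one resident scanner"
# situation can be confirmed before anything is uninstalled. XP SP2/SP3 expose
# root\SecurityCenter with explicit boolean fields; Vista and later expose
# root\SecurityCenter2 with a packed productState (layout assumed below). Needs
# Windows PowerShell 2.0 or later and local WMI access.

function Get-SecurityCenterProducts {
    $seen = @{}
    $out = @()
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
            foreach ($i in @(Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue)) {
                if ($i -eq $null) { continue }
                $key = "$class|$($i.displayName)"
                if ($seen.ContainsKey($key)) { continue }   # same product seen in both namespaces
                $seen[$key] = $true
                $enabled = $null
                if ($i.productState -ne $null) {
                    # SecurityCenter2 (assumed layout): byte 1 of productState is 0x10 when the
                    # product is enabled and 0x00 when it is off; byte 0 is the signature state.
                    $enabled = (($i.productState -band 0xFF00) -eq 0x1000)
                } elseif ($class -eq 'AntiVirusProduct') {
                    $enabled = [bool]$i.onAccessScanningEnabled   # XP: real-time scanning on
                } else {
                    $enabled = [bool]$i.enabled                   # XP: firewall switched on
                }
                $o = New-Object PSObject
                $o | Add-Member NoteProperty Kind $class
                $o | Add-Member NoteProperty Name $i.displayName
                $o | Add-Member NoteProperty Enabled $enabled
                $o | Add-Member NoteProperty Namespace $ns
                $out += $o
            }
        }
    }
    return $out
}

function Get-ProtectionConflicts {
    # Returns one finding per product class that has more than one product active at once.
    $products = Get-SecurityCenterProducts
    $findings = @()
    foreach ($kind in 'AntiVirusProduct', 'FirewallProduct') {
        $active = @($products | Where-Object { $_.Kind -eq $kind -and $_.Enabled })
        if ($active.Count -gt 1) {
            $names = ($active | ForEach-Object { $_.Name }) -join ', '
            $findings += "$($active.Count) $kind entries report real-time protection on at the same time: $names"
        }
    }
    return $findings
}

Get-SecurityCenterProducts | Format-Table Kind, Name, Enabled, Namespace -AutoSize
Get-ProtectionConflicts | ForEach-Object { Write-Host "FINDING: $_" }
```

Security Center only lists products that register with it, so a suite that never registered will not appear; the table is a starting point for deciding which one to keep, not proof that nothing else is resident. Products that show Enabled = False are installed but not scanning in real time, which is the state the post is asking for on all but one of them.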

#3 funnytim (Topic Starter)

Posted 25 April 2008 - 08:57 PM

Hi,

Thanks for the fast reply!

According to the program, isn't Steganos Security Suite 2006 supposed to be a privacy tool (password-protecting files), not antivirus?
That's why I had it installed along with Trend Micro.

But I've removed it for now.


Thanks.


Edit: I should also mention that previously I've been having problems with my computer just crashing and rebooting by itself (way before I got the virus... I believe it's a STOP error?); it just happened to me a while ago. I don't think it's related, but I thought I'd mention it anyway.
The machine is less than one year old.

Edited by funnytim, 26 April 2008 - 01:09 AM.


#4 Rahina (Security Helper)

Posted 26 April 2008 - 10:34 AM

Hello!

Could you post a fresh Deckard's System Scanner logfile?

#5 Rahina (Security Helper)

Posted 26 April 2008 - 10:36 AM

And as for Steganos, you are correct. If it was of any help to you, you may want to get it back.

But your system is still infected; I would like to see that Deckard's System Scanner logfile before we continue.

Thanks !

#6 funnytim (Topic Starter)

Posted 26 April 2008 - 05:07 PM

Here it is:


Deckard's System Scanner v20071014.68
Run by Timothy Leung on 2008-04-26 14:54:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Timothy Leung.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-26 14:55:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Monitor Control\MonitorControl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\vbuzzer\VBuzzer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HDDlife\HDDlifePro.exe
C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\hicdeject.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Steganos Security Suite 2006\PasswordManagerIEAutoFill.exe
C:\Documents and Settings\Timothy Leung\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 125.245.81.226:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3762B068-17B9-45A0-8A6D-BB7CA99A2032} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D} - C:\WINDOWS\system32\rqRLfgHY.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
O4 - Startup: hicdeject.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html
O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html
O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html
O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTåxt.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://67.228.105.102/msrdp.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program Files\Traffic Shaper XP\Server\bcserver.service
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe


--
End of file - 15951 bytes

-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 14:53:42 0 d--hs---- C:\Locked.nsi
2008-04-25 23:03:57 0 d-------- C:\Program Files\UltraISO
2008-04-25 23:03:57 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-04-24 21:11:17 0 d-------- C:\VundoFix Backups
2008-04-23 21:29:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-04-23 21:28:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-23 21:28:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Realtime Soft
2008-04-23 21:28:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-23 21:28:26 0 dr------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-04-23 21:28:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-23 21:28:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-23 21:28:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-23 21:28:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-23 21:28:25 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-23 18:51:39 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Malwarebytes
2008-04-23 18:51:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 18:51:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 18:49:06 0 d--hs---- C:\WINDOWS\CSC
2008-04-23 00:08:22 0 d-------- C:\HJT
2008-04-22 21:00:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Symantec
2008-04-22 18:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-22 18:42:14 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Uniblue
2008-04-22 18:41:48 0 d-------- C:\Program Files\Uniblue
2008-04-22 17:41:12 7964 --a------ C:\WINDOWS\system32\djrpojmu.dll
2008-04-22 17:40:14 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-21 23:59:46 200307 --ahs---- C:\WINDOWS\system32\KUENonmp.ini2
2008-04-21 23:59:16 0 d-------- C:\Program Files\Norton Ghost
2008-04-18 01:18:59 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-17 22:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-15 23:29:56 0 d-------- C:\Program Files\Pure Networks
2008-04-05 23:37:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-05 22:20:49 0 d-------- C:\Program Files\SJphone
2008-04-05 19:57:26 57344 --a------ C:\WINDOWS\system32\FaxMonitor.dll <Not Verified; Softroute; Vbuzzer Fax Printer>
2008-04-05 19:57:26 245760 --a------ C:\WINDOWS\system32\FaxHelper.exe <Not Verified; ; FaxHelper ????>
2008-04-05 19:57:24 0 d-------- C:\Program Files\vbuzzer
2008-04-04 22:48:54 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Gizmo5
2008-04-04 22:48:46 0 d-------- C:\Program Files\Gizmo5
2008-04-02 23:18:35 0 d-------- C:\Program Files\Cirond
2008-04-02 22:38:33 0 d-------- C:\Program Files\Spectec
2008-04-02 22:15:28 0 d-------- C:\iPAQ
2008-04-02 17:48:34 0 d-------- C:\Program Files\GOPC
2008-04-01 18:50:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Rokario
2008-04-01 18:50:02 0 d-------- C:\Program Files\Bandwidth Monitor
2008-04-01 18:10:51 0 d-------- C:\Program Files\OpenVideoConverter
2008-03-31 19:29:01 0 d-------- C:\Program Files\Aspecto Software
2008-03-31 19:16:00 0 d-------- C:\Program Files\PocketPC
2008-03-30 21:46:26 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-03-30 21:44:02 0 d-------- C:\Program Files\Handmark
2008-03-30 21:33:39 0 d-------- C:\Program Files\Astraware
2008-03-30 00:03:18 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-03-30 00:02:51 0 d-------- C:\WINDOWS\system32\Cache
2008-03-30 00:00:41 0 d-------- C:\Inetpub
2008-03-29 17:10:12 0 d-------- C:\Program Files\Home Ftp Server
2008-03-29 16:41:56 0 d-------- C:\ftproot
2008-03-29 14:32:29 0 d-------- C:\Program Files\File Splitter Deluxe
2008-03-28 23:49:30 0 d-------- C:\Program Files\Steganos Security Suite 2006
2008-03-27 21:40:01 0 d-------- C:\Program Files\Card and Invitation maker


-- Find3M Report ---------------------------------------------------------------

2008-04-24 21:19:02 0 d-------- C:\Program Files\PowerISO
2008-04-22 22:36:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Skype
2008-04-22 22:19:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\skypePM
2008-04-22 00:20:08 0 d-------- C:\Program Files\PeerGuardian2
2008-04-22 00:20:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\uTorrent
2008-04-21 23:59:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 23:52:42 0 d-------- C:\Program Files\MagicISO
2008-04-20 18:58:52 56664 --a------ C:\Documents and Settings\Timothy Leung\Application Data\GDIPFONTCACHEV1.DAT
2008-04-19 23:17:28 0 d-------- C:\Program Files\IncrediMail
2008-04-19 17:49:47 0 d-------- C:\Program Files\Image for Windows
2008-04-15 23:30:19 0 d-------- C:\Program Files\DIFX
2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files
2008-04-13 20:31:03 0 d-------- C:\Program Files\eMule
2008-04-07 23:01:27 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Vso
2008-04-06 16:05:16 0 d-------- C:\Program Files\Skype
2008-04-05 22:42:42 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-31 21:53:35 0 d-------- C:\Program Files\MSN Messenger
2008-03-31 21:53:35 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-23 16:30:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-19 18:30:57 0 d-------- C:\Program Files\CloneCD
2008-03-19 12:26:47 0 d-------- C:\Program Files\Microsoft Games
2008-03-13 16:50:13 0 d-------- C:\Program Files\Traffic Shaper XP
2008-03-12 21:14:17 0 d-------- C:\Program Files\NetPeeker
2008-03-12 21:07:59 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Locktime
2008-03-09 15:59:06 0 d-------- C:\Program Files\DVD Decrypter
2008-03-09 14:45:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Real
2008-03-06 00:51:26 0 d-------- C:\Program Files\Password Revealer
2008-03-06 00:18:21 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\VoipBuster
2008-02-27 23:02:56 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Sports Interactive


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3762B068-17B9-45A0-8A6D-BB7CA99A2032}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D}]
C:\WINDOWS\system32\rqRLfgHY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [05/14/2005 06:23 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [03/20/2007 11:49 PM C:\WINDOWS\RTHDCPL.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [01/23/2007 02:26 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM C:\WINDOWS\system32\bthprops.cpl]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 01:21 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [03/14/2007 03:42 PM]
"Microsoft Updates"="svehost.exe" []
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [01/19/2008 08:01 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM]
"Softany Monitor Control"="C:\Program Files\Monitor Control\MonitorControl.exe" [08/09/2005 08:13 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [08/21/2007 11:39 PM]
"Vbuzzer Messenger"="C:\Program Files\vbuzzer\VBuzzer.exe" [03/13/2008 08:36 AM]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [06/19/2006 05:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS2006"="C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot

C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/31/2007 11:37:39 PM]
HDDlife.lnk - C:\Program Files\HDDlife\HDDlifePro.exe [11/11/2006 7:07:10 PM]
hicdeject.exe [8/2/2004 10:31:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [7/28/2007 10:33:58 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk
backup=C:\WINDOWS\pss\Beyond TV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy Leung^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\Deskjet F335\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
"C:\Program Files\iCall\iCall.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Program Files\Skype\TalkAndWrite\talkandwrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster\VoipBuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-26 14:55:31 ------------



For some reason it didn't pop up an extra.txt file (even after running it twice).

Thanks!
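As an added illustration (not part of this thread and not the logic of Deckard's scanner or any other tool mentioned here), the following Python script applies to the Run-key section of a Deckard's dump the same checks a helper applies by eye: an entry with no file information, a bare filename the scanner could not resolve, and a one-letter variant of a system process name such as svehost.exe. The sample dump is constructed from the entries posted above; the heuristics and names are assumptions of this example.

```python
"""Triage autorun entries from a Deckard's System Scanner style registry dump.

Added example: parses the "[HKEY_...\\Run]" sections as posted in this thread
and flags entries a helper would look at twice. Heuristics are illustrative.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, taken from the dump posted in this thread (subset).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"RTHDCPL"="RTHDCPL.EXE" [03/20/2007 11:49 PM C:\WINDOWS\RTHDCPL.exe]
"Microsoft Updates"="svehost.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe
'''

# Windows process names that malware commonly imitates with one-letter variants.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "name"=value [meta]; value may be quoted or bare, meta bracket is optional.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"=(?P<value>"[^"]*"|[^\[\s][^\[]*?)\s*'
    r'(?:\[(?P<meta>[^\]]*)\])?\s*$')
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr|com|bat))", re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        mimic = any(r.startswith("mimics") for r in self.reasons)
        unresolved = "bare filename" in self.reasons and "no file info" in self.reasons
        return "high" if mimic or unresolved else "review"


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one-character look-alikes of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(value: str) -> str:
    """Cut the command line at the first executable-looking token."""
    m = EXE_RE.match(value)
    return m.group(1) if m else value


def assess(key: str, name: str, value: str, meta):
    value = value.strip('"')
    exe = executable_of(value)
    base = exe.rsplit("\\", 1)[-1].lower()
    reasons = []
    # The scanner prints a timestamp (and a resolved path for bare names) when
    # it found the file; "[]" or nothing at all means it could not.
    resolved = bool(meta) and "\\" in meta
    if not meta or not meta.strip():
        reasons.append("no file info")
    if "\\" not in exe and not resolved:
        reasons.append("bare filename")
    for sysname in SYSTEM_BINARIES:
        if base != sysname and levenshtein(base, sysname) == 1:
            reasons.append(f"mimics {sysname}")
    return Finding(key, name, value, reasons) if reasons else None


def triage(dump: str) -> list:
    """Return one Finding per flagged autorun entry, in dump order."""
    findings, key = [], ""
    for line in dump.splitlines():
        s = SECTION_RE.match(line)
        if s:
            key = s.group("key")
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue
        f = assess(key, e.group("name"), e.group("value"), e.group("meta"))
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"[{f.severity}] {f.key}\n  {f.name} = {f.value}  ({', '.join(f.reasons)})")
```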

#7 Rahina (Security Helper)

Posted 27 April 2008 - 08:29 AM

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply.
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#8 funnytim (Topic Starter)

Posted 27 April 2008 - 08:21 PM

Malwarebytes' Anti-Malware 1.11
Database version: 676

Scan type: Quick Scan
Objects scanned: 39451
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




It says nothing is infected...everything is all clean. But I suspect there's still something inside my machine (e.g. it cannot find any printers, 'stuck halfway in safe mode', cannot change back to XP theme, etc.).

Thanks.

#9 funnytim (Topic Starter)

Posted 29 April 2008 - 07:05 PM

hey, you're still there right? ;)

#10 Rahina (Security Helper)

Posted 30 April 2008 - 02:09 AM

Hello.

I am busy with other stuff as well. Please be patient, I will get back to you as soon as possible.

#11 funnytim (Topic Starter)

Posted 30 April 2008 - 10:37 AM

No problem, take your time, just wanted to make sure you're still there.

Thanks.

#12 Rahina (Security Helper)

Posted 30 April 2008 - 01:55 PM

I notice you are using Uniblue products; do you recognize them? Did you install them at the same time your computer started to act strange, with popups etc.?

Please download OTMoveIt2 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt2.exe to launch the program.
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.


C:\WINDOWS\system32\djrpojmu.dll
C:\WINDOWS\DCEBoot.exe

  • Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the light blue bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.

===================

Please go Here to see how to show hidden files in windows.

Please go to www.virustotal.com and browse for this file:

C:\WINDOWS\system32\KUENonmp.ini2

And submit.

Let me know the results, by copy pasting them here.

===================

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

Please post a fresh Deckard's system scan report.

Edited by Rahina Rescue, 30 April 2008 - 01:56 PM.


#13 funnytim (Topic Starter)

Posted 30 April 2008 - 11:26 PM

OTMoveIT2:
LoadLibrary failed for C:\WINDOWS\system32\djrpojmu.dll
C:\WINDOWS\system32\djrpojmu.dll NOT unregistered.
C:\WINDOWS\system32\djrpojmu.dll moved successfully.
C:\WINDOWS\DCEBoot.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04302008_182614

--------------------


Virustotal.com results:

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.5.1.0;2008.04.30;-
AntiVir;7.8.0.11;2008.04.30;-
Authentium;4.93.8;2008.04.30;-
Avast;4.8.1169.0;2008.04.30;-
AVG;7.5.0.516;2008.04.30;-
BitDefender;7.2;2008.05.01;-
CAT-QuickHeal;9.50;2008.04.30;-
ClamAV;0.92.1;2008.05.01;-
DrWeb;4.44.0.09170;2008.04.30;-
eSafe;7.0.15.0;2008.04.28;-
eTrust-Vet;31.3.5749;2008.04.30;-
Ewido;4.0;2008.04.30;-
F-Prot;4.4.2.54;2008.05.01;-
F-Secure;6.70.13260.0;2008.04.30;-
Fortinet;3.14.0.0;2008.04.30;-
Ikarus;T3.1.1.26;2008.05.01;-
Kaspersky;7.0.0.125;2008.05.01;-
McAfee;5285;2008.04.30;-
Microsoft;1.3408;2008.04.22;-
NOD32v2;3067;2008.04.30;-
Norman;5.80.02;2008.04.30;-
Panda;9.0.0.4;2008.04.30;-
Prevx1;V2;2008.05.01;-
Rising;20.42.22.00;2008.04.30;-
Sophos;4.29.0;2008.05.01;-
Sunbelt;3.0.1056.0;2008.04.17;-
Symantec;10;2008.05.01;-
TheHacker;6.2.92.298;2008.04.30;-
VBA32;3.12.6.5;2008.05.01;-
VirusBuster;4.3.26:9;2008.04.30;-
Webwasher-Gateway;6.6.2;2008.04.30;BlockReason.0

Additional information
File size: 200307 bytes
MD5...: 082bd944c97aa7735d860594711152b8
SHA1..: 9b6802685ef5576c04f2570b0b345b8cb0169b8d
SHA256: 89327b8ec6c3e65abeb6c6b903cc1d25df35f2af155045865fed79e1ac165467
SHA512: f57051d61a60f5f39cb9846dcaacfe8ae56795d5f924c9d6d59cee435b4615ab88fc697905df3861ef3b3222593c55c0f8fb9aeb88b302e4210c97b9b591aaa4
PEiD..: -
PEInfo: -

------------------------------

Kaspersky Scanner:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 30, 2008 9:22:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 733591
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 187894
Number of viruses found: 11
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 02:43:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F429F6.EXE/data.rar/Projekt1.exe Infected: Trojan-PSW.Win32.VB.kt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F429F6.EXE/data.rar/FirePassword.exe Infected: not-a-virus:PSWTool.Win32.FirePass.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F429F6.EXE/data.rar Infected: not-a-virus:PSWTool.Win32.FirePass.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F429F6.EXE RarSFX: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F429F6.EXE PE_Patch.UPX: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F429F6.EXE CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\751742B6.EXE/data.rar/Projekt1.exe Infected: Trojan-PSW.Win32.VB.kt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\751742B6.EXE/data.rar/FirePassword.exe Infected: not-a-virus:PSWTool.Win32.FirePass.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\751742B6.EXE/data.rar Infected: not-a-virus:PSWTool.Win32.FirePass.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\751742B6.EXE RarSFX: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\751742B6.EXE PE_Patch.UPX: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\751742B6.EXE CryptFF: infected - 3 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Timothy Leung\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Timothy Leung\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\History\History.IE5\MSHist012008042120080428\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\History\History.IE5\MSHist012008043020080501\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temp\Perflib_Perfdata_62c.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temporary Internet Files\Content.IE5\6HTWHT6V\idkfa[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.qpb skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temporary Internet Files\Content.IE5\IFRABYMF\kriv[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.qpx skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Leung\Local Settings\Temporary Internet Files\Content.IE5\T42JZJR1\glas[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.qpw skipped
C:\Documents and Settings\Timothy Leung\My Documents\My Received Files\lcapi0.log Object is locked skipped
C:\Documents and Settings\Timothy Leung\My Documents\My Received Files\MsnMsgr.txt Object is locked skipped
C:\Documents and Settings\Timothy Leung\My Documents\My Received Files\Transport0.log Object is locked skipped
C:\Documents and Settings\Timothy Leung\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Timothy Leung\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Password Revealer\astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.b skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1468E0D1-CE2A-4702-BDA0-FD9BADD009A1}\RP73\A0025363.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpx skipped
C:\System Volume Information\_restore{1468E0D1-CE2A-4702-BDA0-FD9BADD009A1}\RP76\A0025472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpb skipped
C:\System Volume Information\_restore{1468E0D1-CE2A-4702-BDA0-FD9BADD009A1}\RP76\A0025480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpw skipped
C:\System Volume Information\_restore{1468E0D1-CE2A-4702-BDA0-FD9BADD009A1}\RP77\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SLEvtLog.evt Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\hiberfil.sys Object is locked skipped
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a258da4427c1f4a17d5b3ee97694fa03_7717ff7d-6bc8-49fd-b258-869e4a675494 Object is locked skipped
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_7717ff7d-6bc8-49fd-b258-869e4a675494 Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog Object is locked skipped
D:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog Object is locked skipped
D:\Users\Timothy Leung\AppData\Local\Temp\vmware-Timothy Leung\vmware0 Object is locked skipped
D:\Users\Timothy Leung\AppData\Local\Temp\vmware-Timothy Leung\vmware1 Object is locked skipped
D:\Windows\bthservsdp.dat Object is locked skipped
D:\Windows\CSC\v2.0.6\pq Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
E:\Installers\Asterisk Logger.zip/astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
E:\Installers\Asterisk Logger.zip ZIP: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{1468E0D1-CE2A-4702-BDA0-FD9BADD009A1}\RP77\change.log Object is locked skipped


-------------------------------
Deckard's system scan:


Deckard's System Scanner v20071014.68
Run by Timothy Leung on 2008-04-30 21:23:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Timothy Leung.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 21:23:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Monitor Control\MonitorControl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\vbuzzer\VBuzzer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HDDlife\HDDlifePro.exe
C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\hicdeject.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
F:\Downloads\OTMoveIt2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
E:\MacOS\OS7\BasiliskII-1.0-0.3.win32\BasiliskII-1.0\BasiliskII.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Documents and Settings\Timothy Leung\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 125.245.81.226:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3762B068-17B9-45A0-8A6D-BB7CA99A2032} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D} - C:\WINDOWS\system32\rqRLfgHY.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
O4 - Startup: hicdeject.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html
O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html
O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html
O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTåxt.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://67.228.105.102/msrdp.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program Files\Traffic Shaper XP\Server\bcserver.service
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe


--
End of file - 16212 bytes

-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 18:30:15 0 d-------- C:\WINDOWS\LastGood
2008-04-26 14:53:42 0 d--hs---- C:\Locked.nsi
2008-04-25 23:03:57 0 d-------- C:\Program Files\UltraISO
2008-04-25 23:03:57 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-04-24 21:11:17 0 d-------- C:\VundoFix Backups
2008-04-23 21:29:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-04-23 21:28:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-23 21:28:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Realtime Soft
2008-04-23 21:28:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-23 21:28:26 0 dr------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-04-23 21:28:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-23 21:28:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-23 21:28:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-23 21:28:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-23 21:28:25 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-23 18:51:39 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Malwarebytes
2008-04-23 18:51:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 18:51:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 18:49:06 0 d--hs---- C:\WINDOWS\CSC
2008-04-23 00:08:22 0 d-------- C:\HJT
2008-04-22 21:00:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Symantec
2008-04-22 18:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-22 18:42:14 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Uniblue
2008-04-22 18:41:48 0 d-------- C:\Program Files\Uniblue
2008-04-21 23:59:46 200307 --ahs---- C:\WINDOWS\system32\KUENonmp.ini2
2008-04-21 23:59:16 0 d-------- C:\Program Files\Norton Ghost
2008-04-18 01:18:59 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-17 22:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-15 23:29:56 0 d-------- C:\Program Files\Pure Networks
2008-04-05 23:37:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-05 22:20:49 0 d-------- C:\Program Files\SJphone
2008-04-05 19:57:26 57344 --a------ C:\WINDOWS\system32\FaxMonitor.dll <Not Verified; Softroute; Vbuzzer Fax Printer>
2008-04-05 19:57:26 245760 --a------ C:\WINDOWS\system32\FaxHelper.exe <Not Verified; ; FaxHelper ????>
2008-04-05 19:57:24 0 d-------- C:\Program Files\vbuzzer
2008-04-04 22:48:54 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Gizmo5
2008-04-04 22:48:46 0 d-------- C:\Program Files\Gizmo5
2008-04-02 23:18:35 0 d-------- C:\Program Files\Cirond
2008-04-02 22:38:33 0 d-------- C:\Program Files\Spectec
2008-04-02 22:15:28 0 d-------- C:\iPAQ
2008-04-02 17:48:34 0 d-------- C:\Program Files\GOPC
2008-04-01 18:50:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Rokario
2008-04-01 18:50:02 0 d-------- C:\Program Files\Bandwidth Monitor
2008-04-01 18:10:51 0 d-------- C:\Program Files\OpenVideoConverter
2008-03-31 19:29:01 0 d-------- C:\Program Files\Aspecto Software
2008-03-31 19:16:00 0 d-------- C:\Program Files\PocketPC
2008-03-30 21:46:26 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-03-30 21:44:02 0 d-------- C:\Program Files\Handmark
2008-03-30 21:33:39 0 d-------- C:\Program Files\Astraware
2008-03-30 00:03:18 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-03-30 00:02:51 0 d-------- C:\WINDOWS\system32\Cache
2008-03-30 00:00:41 0 d-------- C:\Inetpub


-- Find3M Report ---------------------------------------------------------------

2008-04-24 21:19:02 0 d-------- C:\Program Files\PowerISO
2008-04-22 22:36:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Skype
2008-04-22 22:19:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\skypePM
2008-04-22 00:20:08 0 d-------- C:\Program Files\PeerGuardian2
2008-04-22 00:20:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\uTorrent
2008-04-21 23:59:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 23:52:42 0 d-------- C:\Program Files\MagicISO
2008-04-20 18:58:52 56664 --a------ C:\Documents and Settings\Timothy Leung\Application Data\GDIPFONTCACHEV1.DAT
2008-04-19 23:17:28 0 d-------- C:\Program Files\IncrediMail
2008-04-19 17:49:47 0 d-------- C:\Program Files\Image for Windows
2008-04-15 23:30:19 0 d-------- C:\Program Files\DIFX
2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files
2008-04-13 20:31:03 0 d-------- C:\Program Files\eMule
2008-04-07 23:01:27 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Vso
2008-04-06 16:05:16 0 d-------- C:\Program Files\Skype
2008-04-05 22:42:42 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-31 21:53:35 0 d-------- C:\Program Files\MSN Messenger
2008-03-31 21:53:35 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-29 17:16:19 0 d-------- C:\Program Files\Home Ftp Server
2008-03-29 14:33:25 0 d-------- C:\Program Files\File Splitter Deluxe
2008-03-27 23:20:28 0 d-------- C:\Program Files\Card and Invitation maker
2008-03-23 16:30:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-19 18:30:57 0 d-------- C:\Program Files\CloneCD
2008-03-19 12:26:47 0 d-------- C:\Program Files\Microsoft Games
2008-03-13 16:50:13 0 d-------- C:\Program Files\Traffic Shaper XP
2008-03-12 21:14:17 0 d-------- C:\Program Files\NetPeeker
2008-03-12 21:07:59 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Locktime
2008-03-09 15:59:06 0 d-------- C:\Program Files\DVD Decrypter
2008-03-09 14:45:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Real
2008-03-06 00:51:26 0 d-------- C:\Program Files\Password Revealer
2008-03-06 00:18:21 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\VoipBuster


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3762B068-17B9-45A0-8A6D-BB7CA99A2032}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D}]
C:\WINDOWS\system32\rqRLfgHY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [05/14/2005 06:23 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [03/20/2007 11:49 PM C:\WINDOWS\RTHDCPL.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [01/23/2007 02:26 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM C:\WINDOWS\system32\bthprops.cpl]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 01:21 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [03/14/2007 03:42 PM]
"Microsoft Updates"="svehost.exe" []
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [01/19/2008 08:01 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM]
"Softany Monitor Control"="C:\Program Files\Monitor Control\MonitorControl.exe" [08/09/2005 08:13 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [08/21/2007 11:39 PM]
"Vbuzzer Messenger"="C:\Program Files\vbuzzer\VBuzzer.exe" [03/13/2008 08:36 AM]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [06/19/2006 05:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS2006"="C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot

C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/31/2007 11:37:39 PM]
HDDlife.lnk - C:\Program Files\HDDlife\HDDlifePro.exe [11/11/2006 7:07:10 PM]
hicdeject.exe [8/2/2004 10:31:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [7/28/2007 10:33:58 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk
backup=C:\WINDOWS\pss\Beyond TV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy Leung^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\Deskjet F335\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
"C:\Program Files\iCall\iCall.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Program Files\Skype\TalkAndWrite\talkandwrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster\VoipBuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


-- End of Deckard's System Scanner: finished at 2008-04-30 21:24:06 ------------


------------------------------

As for the Uniblue products, I've had them for quite some time now (way before my computer got infected).

Thanks.

#14 funnytim

funnytim
  • Topic Starter

  • Members
  • 624 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:57 AM

Posted 03 May 2008 - 10:56 PM

I should also add that there is no sound coming out of my computer in XP.

#15 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:57 PM

Posted 05 May 2008 - 08:03 AM

I saw you created a new topic related to your sound/microphone problem; please ask for help in that thread. Here we clean you up from viruses and such.

What did VirusTotal say about that file you submitted? Was it infected with anything? If you do not remember, could you please submit it again and let me know the results?