Trying To Get Rid Of Vundo


  • This topic is locked
7 replies to this topic

#1 carybillsfan


Posted 13 May 2008 - 04:43 PM

My computer seems to detect some Vundo virus, and I've tried to get rid of it, but it always returns.

Here is my DSS log:

Deckard's System Scanner v20071014.68
Run by Bifulcos on 2008-05-13 08:26:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
131: 2008-05-13 12:26:50 UTC - RP285 - Deckard's System Scanner Restore Point
130: 2008-05-13 11:51:31 UTC - RP284 - Software Distribution Service 3.0
129: 2008-05-13 03:25:51 UTC - RP283 - Software Distribution Service 3.0
128: 2008-05-12 16:20:13 UTC - RP282 - System Checkpoint
127: 2008-05-11 16:18:03 UTC - RP281 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-19 15:19:59 UTC - RP155 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bifulcos.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:37 AM, on 5/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bifulcos\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\Bifulcos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135393119265
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/deltacvx.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/g...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70E8383D-2D24-43C1-BAFA-4533C16654C0}: NameServer = 192.168.0.1,192.168.0.2
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 11561 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50a64 (MREMP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mremp50a64.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MRESP50a64 (MRESP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mresp50a64.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >
R2 TVersityMediaServer - c:\program files\tversity\media server\mediaserver.exe
R3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S2 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-13 03:13:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 07:55:56 0 d-------- C:\WINDOWS\LastGood
2008-05-13 07:51:48 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 03:07:55 0 d-------- C:\WINDOWS\Prefetch
2008-05-12 23:45:04 0 d-------- C:\WINDOWS\system32\scripting
2008-05-12 23:45:03 0 d-------- C:\WINDOWS\l2schemas
2008-05-12 23:45:02 0 d-------- C:\WINDOWS\system32\en
2008-05-12 23:45:02 0 d-------- C:\WINDOWS\system32\bits
2008-05-12 23:40:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-12 23:32:09 0 d-------- C:\WINDOWS\EHome
2008-05-06 07:59:58 0 d-------- C:\cmdcons
2008-05-06 07:56:51 68096 --a------ C:\WINDOWS\zip.exe
2008-05-06 07:56:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-06 07:56:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-06 07:56:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-06 07:56:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-06 07:56:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-06 07:56:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-06 07:56:51 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-06 07:40:35 0 d-------- C:\HJT
2008-05-04 20:29:44 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\NeroDigital™
2008-04-27 15:06:47 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-20 16:33:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-20 16:33:01 0 d-------- C:\Documents and Settings\Default User\Application Data\Yahoo!
2008-04-20 16:32:58 0 d-------- C:\Documents and Settings\Default User\Application Data\Google
2008-04-20 16:25:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 13:59:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-20 13:59:13 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 10:23:27 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\Malwarebytes
2008-04-20 10:23:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 09:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-20 09:10:17 0 d-------- C:\Program Files\Common Files\iS3
2008-04-20 09:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-19 13:17:12 0 d-------- C:\Program Files\Nero
2008-04-19 11:48:11 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\Nero
2008-04-19 11:16:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-19 11:16:42 0 d-------- C:\Program Files\Common Files\Nero
2008-04-19 11:10:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 09:57:22 0 d-------- C:\Program Files\DVD Identifier
2008-04-13 08:46:52 0 d-------- C:\Program Files\uTorrent
2008-04-13 08:46:43 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-05-12 23:45:33 0 d-------- C:\Program Files\Messenger
2008-05-12 23:45:01 0 d-------- C:\Program Files\Movie Maker
2008-05-12 23:40:23 0 d-------- C:\Program Files\Windows NT
2008-05-04 09:08:09 1735 --a------ C:\Documents and Settings\Bifulcos\Application Data\AdobeDLM.log
2008-04-20 09:10:17 0 d-------- C:\Program Files\Common Files
2008-04-20 08:41:24 0 d-------- C:\Program Files\DivX
2008-04-18 23:01:59 0 d-------- C:\Program Files\cladDVD .NET 3.5.6
2008-04-05 09:22:49 0 d-------- C:\Program Files\DVD Decrypter
2008-04-01 20:45:03 0 d-------- C:\Program Files\DVD Shrink
2008-03-31 19:59:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 19:05:19 0 d-------- C:\Program Files\Windows Defender
2008-02-23 10:41:40 2528 --a------ C:\Documents and Settings\Bifulcos\Application Data\$_hpcst$.hpc
2008-02-17 10:58:16 55189 --a------ C:\Program Files\INSTALL.LOG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}]
02/01/2007 03:53 PM 513632 --a------ C:\WINDOWS\COUPON~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}"= C:\WINDOWS\CouponBarIE.dll [02/01/2007 03:53 PM 513632]

[-HKEY_CLASSES_ROOT\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001.1]
[HKEY_CLASSES_ROOT\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [08/10/2005 03:42 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [10/08/2004 11:52 AM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 06:04 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 10:59 AM]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [08/23/2005 08:46 PM]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [08/23/2005 08:46 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/22/2004 08:48 PM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 02:12 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2008 09:04 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Bifulcos\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bifulcos^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Bifulcos\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Help]
C:\Program Files\BellSouth Application Management\content\..\Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter4.1]
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"KodakCCS"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-13 08:32:42 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 765.98 MiB / 263.9 MiB
Pagefile Memory (total/avail): 1871.16 MiB / 1457.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1876.02 MiB

C: is Fixed (NTFS) - 70.94 GiB total, 37.71 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 70.94 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bifulcos\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIFULCO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bifulcos
LOGONSERVER=\\BIFULCO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PAGEMGR\IMGFOLIO;C:\PAGEMGR
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bifulcos\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bifulcos\LOCALS~1\Temp
USERDOMAIN=BIFULCO
USERNAME=Bifulcos
USERPROFILE=C:\Documents and Settings\Bifulcos
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bifulcos (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Alice Greenfingers (remove only) --> "C:\Program Files\Yahoo! Games\Alice Greenfingers\Uninstall.exe"
AT&T Internet Security Wizard 1.5.11 --> "C:\Program Files\AT&T\Internet Security Wizard\unins000.exe"
BellSouth Application Management --> C:\WINDOWS\Motive\BellSouth\UninstallAppManagement.exe
cladDVD .NET v3.5.6 --> MsiExec.exe /I{76BD2E01-DBD1-424C-8CB4-7B55CC4B2452}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CouponBar --> regsvr32 /u /s "C:\WINDOWS\CouponBarIE.dll"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Identifier --> "C:\Program Files\DVD Identifier\Uninst\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FastAccess® DSL Help Center 4.1 --> "C:\Program Files\Bellsouth\HelpCenter40b\unins000.exe"
Garmin MapSource --> MsiExec.exe /X{5AB07385-ECE4-4CC6-886F-90669F2CB796}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Bifulcos\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Trial --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
TVersity Codec Pack 1.1 --> C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.11.3a beta --> C:\Program Files\TVersity\Media Server\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zoo Tycoon 2 - Zookeeper Collection --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type172 / Error
Event Submitted/Written: 05/13/2008 03:15:06 AM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 5808, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Event Record #/Type171 / Warning
Event Submitted/Written: 05/13/2008 03:15:05 AM
Event ID/Source: 2006 / LoadPerf
Event Description:
LastCounter and LastHelp values of performance registry is corrupted and
needs to be updated. The first and second DWORDs in Data Section are the
original values while the third and forth DWORDs in Data Section are the
updated new values.

Event Record #/Type170 / Error
Event Submitted/Written: 05/13/2008 03:15:02 AM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type169 / Error
Event Submitted/Written: 05/13/2008 03:15:02 AM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 5808, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Event Record #/Type167 / Error
Event Submitted/Written: 05/13/2008 03:11:44 AM
Event ID/Source: 0 / WmcCds
Event Description:
Service cannot be started. The service process could not connect to the service controller



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9347 / Warning
Event Submitted/Written: 05/13/2008 08:28:55 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {8C920916-E930-4C9E-BBD8-E93780C5679A}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9346 / Warning
Event Submitted/Written: 05/13/2008 08:28:55 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {9E53D1C4-6564-46E3-8BA0-367C5793C8D9}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9345 / Warning
Event Submitted/Written: 05/13/2008 08:28:55 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {3F412D2A-0EC7-4271-9DEA-F3EC47EE64C4}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9344 / Warning
Event Submitted/Written: 05/13/2008 08:28:53 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {A180BBB3-EAE3-4B40-AA5F-C58007362456}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9343 / Warning
Event Submitted/Written: 05/13/2008 08:28:53 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {86F47293-2BD4-4242-AC3F-C3B0AAA5BBB1}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-13 08:32:42 ------------


Thank you,
Neil


#2 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:18 AM

Posted 13 May 2008 - 08:37 PM

Hi Neil,

Not showing signs of Vundo at the moment. Need to have you run through a few things.

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%Userprofile%\Desktop\dss.exe" /daft

Accept the disclaimer, and click the "Scan" button. Place a checkmark next to everything that appears and press "Fix". Afterwards, close the window.


Next
Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:


Coupon Printer for Windows
CouponBar


You should be asked to restart your computer; if not, please do so anyway.




Next

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Next
Click on Start, then click on Run.
Copy and paste the following (in bold) into the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When it has finished, please post back both logs that open in Notepad:
main.txt and extra.txt


Post back both logs from DSS and the log from SuperAntiSpyware please

#3 carybillsfan

carybillsfan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 May 2008 - 07:37 AM

Thanks for helping me out.

Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/13/2008 at 11:59 PM

Application Version : 4.0.1154

Core Rules Database Version : 3460
Trace Rules Database Version: 1451

Scan type : Complete Scan
Total Scan Time : 01:15:04

Memory items scanned : 512
Memory threats detected : 0
Registry items scanned : 7074
Registry threats detected : 1
File items scanned : 79104
File threats detected : 101

Adware.CouponBar
HKU\S-1-5-21-1485908796-1125763234-3185656839-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}

Adware.Tracking Cookie
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@specificclick[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@z.blogads[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@atdmt[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@server.iad.liveperson[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@jra.advertserve[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@server.iad.liveperson[5].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@adlegend[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@serving-sys[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.revsci[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@qinteractive.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@nintendo.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@coolsavings[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@247realmedia[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@lumberliquidators.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@revsci[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@bs.serving-sys[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@www.burstbeacon[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@cbcnewmedia.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@msnportal.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@revenue[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.cnn[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@adinterax[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@vc1.hendrixsextape[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@trafficmp[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@atwola[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@www.coolsavings[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@sales.liveperson[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@media.legacy[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@citi.bridgetrack[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@homestore.122.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@zillow.adbureau[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.financialcontent[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@tacoda[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@questionmarket[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.bridgetrack[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@realmedia[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@gmgmacmortgage.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@server.iad.liveperson[4].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@bizrate[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ad.m5prod[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@kaboose.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@iacas.adbureau[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@interclick[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@anad.tacoda[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@track.cbs[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@samsclub.112.2o7[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@media6degrees[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@overture[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@mediafire[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@marketlive.122.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@tremor.adbureau[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@sales.liveperson[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@cbs.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@msnservices.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@nextag[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@azjmp[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@atlas.entrepreneur[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@tribalfusion[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@www.accountonline[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@server.iad.liveperson[3].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.pointroll[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@richmedia.yahoo[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@insightexpressai[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@roiservice[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@adopt.specificclick[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@track.vivid[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@media.hotels[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@adopt.euroclick[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@imrworldwide[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@xiti[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@linkto.mediafire[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@tracking.foxnews[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@track.effiliation[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@tracking.keywordmax[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@partner2profit[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@anat.tacoda[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@qnsr[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@edge.ru4[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@eyewonder[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@nhl.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.addynamix[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@linksynergy.walmart[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.mininova[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@kontera[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@homeaway.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@oasc08.247realmedia[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@sales.liveperson[4].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@collective-media[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@aimfar.solution.weborama[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@adbrite[2].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@paypal.112.2o7[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@ads.ireport[1].txt
C:\Documents and Settings\Bifulcos\Cookies\bifulcos@weborama[1].txt
C:\Documents and Settings\Default User\Cookies\system@stopzilla[1].txt
C:\Documents and Settings\Default User\Cookies\system@www.stopzilla[1].txt

Deckard's System Scanner v20071014.68
Run by Bifulcos on 2008-05-14 08:28:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
134: 2008-05-14 12:29:00 UTC - RP288 - Deckard's System Scanner Restore Point
133: 2008-05-14 06:20:45 UTC - RP287 - Software Distribution Service 3.0
132: 2008-05-14 02:40:44 UTC - RP286 - Installed SUPERAntiSpyware Free Edition
131: 2008-05-13 12:26:50 UTC - RP285 - Deckard's System Scanner Restore Point
130: 2008-05-13 11:51:31 UTC - RP284 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-19 15:19:59 UTC - RP155 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Bifulcos.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:22 AM, on 5/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\Bifulcos\desktop\dss.exe
C:\HJT\Bifulcos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135393119265
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/deltacvx.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/g...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70E8383D-2D24-43C1-BAFA-4533C16654C0}: NameServer = 192.168.0.1,192.168.0.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 11719 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50a64 (MREMP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mremp50a64.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MRESP50a64 (MRESP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mresp50a64.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >
R2 TVersityMediaServer - c:\program files\tversity\media server\mediaserver.exe
R3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S2 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\SYSTEM32\winlogon.exe (pid 1204)
2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 08:26:24 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-13 22:40:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-13 22:40:47 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\SUPERAntiSpyware.com
2008-05-13 22:40:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 07:51:48 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 03:07:55 0 d-------- C:\WINDOWS\Prefetch
2008-05-12 23:45:04 0 d-------- C:\WINDOWS\system32\scripting
2008-05-12 23:45:03 0 d-------- C:\WINDOWS\l2schemas
2008-05-12 23:45:02 0 d-------- C:\WINDOWS\system32\en
2008-05-12 23:45:02 0 d-------- C:\WINDOWS\system32\bits
2008-05-12 23:40:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-12 23:32:09 0 d-------- C:\WINDOWS\EHome
2008-05-06 07:59:58 0 d-------- C:\cmdcons
2008-05-06 07:56:51 68096 --a------ C:\WINDOWS\zip.exe
2008-05-06 07:56:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-06 07:56:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-06 07:56:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-06 07:56:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-06 07:56:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-06 07:56:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-06 07:56:51 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-06 07:40:35 0 d-------- C:\HJT
2008-05-04 20:29:44 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\NeroDigital™
2008-04-27 15:06:47 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-20 16:33:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-20 16:33:01 0 d-------- C:\Documents and Settings\Default User\Application Data\Yahoo!
2008-04-20 16:32:58 0 d-------- C:\Documents and Settings\Default User\Application Data\Google
2008-04-20 16:25:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 13:59:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-20 13:59:13 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 10:23:27 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\Malwarebytes
2008-04-20 10:23:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 09:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-20 09:10:17 0 d-------- C:\Program Files\Common Files\iS3
2008-04-20 09:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-19 13:17:12 0 d-------- C:\Program Files\Nero
2008-04-19 11:48:11 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\Nero
2008-04-19 11:16:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-19 11:16:42 0 d-------- C:\Program Files\Common Files\Nero
2008-04-19 11:10:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 09:57:22 0 d-------- C:\Program Files\DVD Identifier


-- Find3M Report ---------------------------------------------------------------

2008-05-13 22:40:22 0 d-------- C:\Program Files\Common Files
2008-05-13 22:37:27 0 d-------- C:\Program Files\Coupons
2008-05-12 23:45:33 0 d-------- C:\Program Files\Messenger
2008-05-12 23:45:01 0 d-------- C:\Program Files\Movie Maker
2008-05-12 23:40:23 0 d-------- C:\Program Files\Windows NT
2008-05-12 23:08:35 0 d-------- C:\Documents and Settings\Bifulcos\Application Data\uTorrent
2008-05-04 09:08:09 1735 --a------ C:\Documents and Settings\Bifulcos\Application Data\AdobeDLM.log
2008-04-20 08:41:24 0 d-------- C:\Program Files\DivX
2008-04-18 23:01:59 0 d-------- C:\Program Files\cladDVD .NET 3.5.6
2008-04-13 08:46:52 0 d-------- C:\Program Files\uTorrent
2008-04-05 09:22:49 0 d-------- C:\Program Files\DVD Decrypter
2008-04-01 20:45:03 0 d-------- C:\Program Files\DVD Shrink
2008-03-31 19:59:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 19:05:19 0 d-------- C:\Program Files\Windows Defender
2008-02-23 10:41:40 2528 --a------ C:\Documents and Settings\Bifulcos\Application Data\$_hpcst$.hpc
2008-02-17 10:58:16 55189 --a------ C:\Program Files\INSTALL.LOG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [08/10/2005 03:42 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [10/08/2004 11:52 AM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 06:04 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 10:59 AM]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [08/23/2005 08:46 PM]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [08/23/2005 08:46 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/22/2004 08:48 PM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 02:12 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2008 09:04 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Bifulcos\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bifulcos^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Bifulcos\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Help]
C:\Program Files\BellSouth Application Management\content\..\Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter4.1]
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"KodakCCS"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-14 08:33:33 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 765.98 MiB / 282.26 MiB
Pagefile Memory (total/avail): 1870.41 MiB / 1397.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1876.02 MiB

C: is Fixed (NTFS) - 70.94 GiB total, 37.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 70.94 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bifulcos\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIFULCO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bifulcos
LOGONSERVER=\\BIFULCO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PAGEMGR\IMGFOLIO;C:\PAGEMGR
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bifulcos\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bifulcos\LOCALS~1\Temp
USERDOMAIN=BIFULCO
USERNAME=Bifulcos
USERPROFILE=C:\Documents and Settings\Bifulcos
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bifulcos (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Alice Greenfingers (remove only) --> "C:\Program Files\Yahoo! Games\Alice Greenfingers\Uninstall.exe"
AT&T Internet Security Wizard 1.5.11 --> "C:\Program Files\AT&T\Internet Security Wizard\unins000.exe"
BellSouth Application Management --> C:\WINDOWS\Motive\BellSouth\UninstallAppManagement.exe
cladDVD .NET v3.5.6 --> MsiExec.exe /I{76BD2E01-DBD1-424C-8CB4-7B55CC4B2452}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Identifier --> "C:\Program Files\DVD Identifier\Uninst\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FastAccess® DSL Help Center 4.1 --> "C:\Program Files\Bellsouth\HelpCenter40b\unins000.exe"
Garmin MapSource --> MsiExec.exe /X{5AB07385-ECE4-4CC6-886F-90669F2CB796}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Bifulcos\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Trial --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TVersity Codec Pack 1.1 --> C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.11.3a beta --> C:\Program Files\TVersity\Media Server\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zoo Tycoon 2 - Zookeeper Collection --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type185 / Warning
Event Submitted/Written: 05/14/2008 08:24:49 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type184 / Warning
Event Submitted/Written: 05/14/2008 08:24:49 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type179 / Warning
Event Submitted/Written: 05/14/2008 08:21:54 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type177 / Error
Event Submitted/Written: 05/13/2008 10:38:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type172 / Error
Event Submitted/Written: 05/13/2008 03:15:06 AM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 5808, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9574 / Warning
Event Submitted/Written: 05/14/2008 08:29:38 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {4BC8A1CA-8935-4244-8F02-B36BD47C5D77}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9573 / Warning
Event Submitted/Written: 05/14/2008 08:29:38 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {E409FE3E-53B2-4409-B05E-AB350115D2D3}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9572 / Warning
Event Submitted/Written: 05/14/2008 08:29:38 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {97A1590E-0279-4102-BD59-E222CC8A9230}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9571 / Warning
Event Submitted/Written: 05/14/2008 08:29:36 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {9039EF64-14CB-4E54-93C0-A8DCC75A548A}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02

Event Record #/Type9570 / Warning
Event Submitted/Written: 05/14/2008 08:29:36 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%BIFULCO27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BIFULCO27 can't undo changes that you allow.

For more information please see the following:
%BIFULCO275

Scan ID: {BE44D0AF-7563-405F-9766-0C1EDE22D9B6}

User: BIFULCO\Bifulcos

Name: %BIFULCO271

ID: %BIFULCO272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BIFULCO276

Alert Type: %BIFULCO278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-14 08:33:33 ------------

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:18 AM

Posted 14 May 2008 - 07:30 PM

Looking much better :thumbsup:

Still detecting Vundo?


Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5 carybillsfan

carybillsfan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 May 2008 - 10:38 PM

Here is the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 14, 2008 11:36:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/05/2008
Kaspersky Anti-Virus database records: 774093
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 88624
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:18:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03272008-190528.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Router Service\Log\RouterService.142.log Object is locked skipped
C:\Documents and Settings\Bifulcos\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Bifulcos\Application Data\AT&T\Internet Security Wizard\client_gateway.log Object is locked skipped
C:\Documents and Settings\Bifulcos\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-14-2008( 8-25-6 ).LOG Object is locked skipped
C:\Documents and Settings\Bifulcos\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0CEF860C-CFD4-49DA-9498-9B3B3C842764} Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temp\~DFAD4A.tmp Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\My Documents\Downloads\Nero 8 Ultra Edition v8.3.2.1.rar/Nero 8 Ultra Edition v8.3.2.1.exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped
C:\Documents and Settings\Bifulcos\My Documents\Downloads\Nero 8 Ultra Edition v8.3.2.1.rar RAR: infected - 1 skipped
C:\Documents and Settings\Bifulcos\ntuser.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\TVersity\Media Server\db\medialib.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0029658.dll Infected: not-a-virus:AdWare.Win32.Coupons skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\TVersityMediaServer.log Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#6 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:18 AM

Posted 15 May 2008 - 09:12 PM

C:\Documents and Settings\Bifulcos\My Documents\Downloads\Nero 8 Ultra Edition v8.3.2.1.rar/Nero 8 Ultra Edition v8.3.2.1.exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped
C:\Documents and Settings\Bifulcos\My Documents\Downloads\Nero 8 Ultra Edition v8.3.2.1.rar RAR: infected - 1 skipped


You need to delete the bolded above; it's infected. You need to be careful what you're downloading; you run a very high risk with these practices.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Rescan one more time with Kaspersky and post back the new log please
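As an added example (not code from the thread or from Kaspersky), here is the triage don77 did by eye on the report above, done by script: it separates the real detections from the "Object is locked skipped" noise, checks the table against the report's own "Number of infected objects", and flags the hit under System Volume Information, which is the old-restore-point case his post explains. The sample report is a constructed excerpt of the log in post #5; the Finding class, parse_report and triage are this example's own names.

```python
# Added example: triage a Kaspersky Online Scanner 5.x report in the layout
# pasted above. Locked objects (registry hives, event logs, index.dat) share
# the table with real detections, so the hits are picked out and classified.
import re
from dataclasses import dataclass

# Constructed excerpt of the report above (a handful of its lines, same layout).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 14, 2008 11:36:04 PM

Scan Statistics:
Total number of scanned objects: 88624
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\My Documents\Downloads\Nero 8 Ultra Edition v8.3.2.1.rar/Nero 8 Ultra Edition v8.3.2.1.exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped
C:\Documents and Settings\Bifulcos\My Documents\Downloads\Nero 8 Ultra Edition v8.3.2.1.rar RAR: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0029658.dll Infected: not-a-virus:AdWare.Win32.Coupons skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

Scan process completed.
"""

# The three line shapes that appear in the object table, plus the stats lines.
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<threat>\S+) (?P<action>\S+)$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+) (?P<kind>[A-Z0-9]+): infected - (?P<count>\d+) (?P<action>\S+)$")
STAT_RE = re.compile(r"^(?P<key>[A-Z][^:]+): (?P<value>\d+)$")
RESTORE_DIR = "\\system volume information\\_restore"  # old restore points live here


@dataclass(frozen=True)
class Finding:
    path: str               # object exactly as the scanner printed it
    threat: str             # detection name, or "RAR: infected - N" for a container
    action: str             # last action taken; "skipped" for the online scanner
    in_archive: bool        # member of a container ("/" separates container and member)
    in_restore_point: bool  # sits in an old restore point under System Volume Information


def make_finding(path, threat, action):
    return Finding(path, threat, action,
                   in_archive="/" in path,
                   in_restore_point=RESTORE_DIR in path.lower())


def parse_report(text):
    """Return (stats, findings, locked_paths) from a report in the layout above."""
    stats, findings, locked = {}, [], []
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Infected Object Name"):
            in_table = True          # everything after this header is the object table
            continue
        if not in_table:
            if m := STAT_RE.match(line):
                stats[m["key"]] = int(m["value"])
        elif m := LOCKED_RE.match(line):
            locked.append(m["path"])  # could not be opened; not a detection
        elif m := INFECTED_RE.match(line):
            findings.append(make_finding(m["path"], m["threat"], m["action"]))
        elif m := ARCHIVE_RE.match(line):
            findings.append(make_finding(m["path"], f"{m['kind']}: infected - {m['count']}", m["action"]))
        # "Scan process completed." and any unrecognised line are ignored
    return stats, findings, locked


def triage(text):
    """Split detections into files to delete vs. restore-point leftovers, and
    check the table against the scanner's own 'Number of infected objects'."""
    stats, findings, locked = parse_report(text)
    # An infected archive member is removed by deleting its container, so the
    # member line and the "RAR: infected" summary both collapse to the .rar path.
    delete = sorted({f.path.partition("/")[0] for f in findings if not f.in_restore_point})
    # Restore-point hits are cleared by the new-restore-point + Cleanmgr step, not by hand.
    restore = sorted({f.path for f in findings if f.in_restore_point})
    return {
        "delete": delete,
        "restore_point": restore,
        "locked": len(locked),
        "consistent": stats.get("Number of infected objects") == len(findings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```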

#7 carybillsfan

carybillsfan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 16 May 2008 - 07:20 AM

Don,

Thanks for your help, hopefully my kids won't download anymore junk. Here is the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 16, 2008 8:18:22 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/05/2008
Kaspersky Anti-Virus database records: 777153
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 80951
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:16:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03272008-190528.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Router Service\Log\RouterService.144.log Object is locked skipped
C:\Documents and Settings\Bifulcos\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Bifulcos\Application Data\AT&T\Internet Security Wizard\client_gateway.log Object is locked skipped
C:\Documents and Settings\Bifulcos\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-15-2008( 18-21-38 ).LOG Object is locked skipped
C:\Documents and Settings\Bifulcos\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{692D5FF9-59EE-4A4E-BBAF-978637B6D80E} Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temp\~DFFA7E.tmp Object is locked skipped
C:\Documents and Settings\Bifulcos\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\ntuser.dat Object is locked skipped
C:\Documents and Settings\Bifulcos\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\TVersity\Media Server\db\medialib.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP291\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\TVersityMediaServer.log Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#8 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:18 AM

Posted 17 May 2008 - 08:02 AM

Perfect :thumbsup:

Any more issues?

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site; you were lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!



