Win32.vb.jl Removal, Please


This topic is locked. 8 replies to this topic.

#1 James1234567 (Members, 6 posts)

Posted 19 May 2008 - 07:55 PM

Ok, well I used Spybot to do a weekly scan I do and it came back with win32.vb.jl and it "removed" it. It keeps coming back and I think it is what has been giving me trouble today with installing a few programs. I tried installing Macromedia Shockwave standalone player and it said that I wasn't an administrator (I am). So, I did what would make it work no matter what and went into safe mode and went into the Windows administrator account and received the same error.

Thanks for the help in advance!
-James

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 7:28:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 786342
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 194226
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:54:28

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Documents and Settings\All Other Losers\ntuser.dat Object is locked skipped
E:\Documents and Settings\All Other Losers\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Antispam\scoffset.bin.incr Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgfw8u.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\commonpub.log Object is locked skipped
E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\cert8.db Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\formhistory.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\history.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\key3.db Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\parent.lock Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\retailmenot.sqlite Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\retailmenot.txt Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\search.sqlite Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\urlclassifier2.sqlite Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2\user\uno_packages\cache\log.txt Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\common_.rdb Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86_.rdb Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2\user\uno_packages\cache\uno_packages.db Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\Cache\_CACHE_001_ Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\Cache\_CACHE_002_ Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\Cache\_CACHE_003_ Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\Cache\_CACHE_MAP_ Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Application Data\Mozilla\Firefox\Profiles\ohd9wmwy.default\XUL.mfl Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\History\History.IE5\MSHist012008051920080520\index.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\ntuser.dat Object is locked skipped
E:\Documents and Settings\Mr. Incredible\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
E:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\log.txt Object is locked skipped
E:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\common_.rdb Object is locked skipped
E:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86_.rdb Object is locked skipped
E:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db Object is locked skipped
E:\Program Files\OpenOffice.org 2.4\share\uno_packages\cache\uno_packages.db Object is locked skipped
E:\Program Files\PeerGuardian2\history.db Object is locked skipped
E:\Program Files\Utilities\LS Patch\LSPatch_1.1.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
E:\Program Files\Utilities\LS Patch\LSPatch_1.1.exe WiseSFX: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{CF98417F-8559-4F5C-97E7-5ACCE964EF94}\RP31\A0004699.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
E:\System Volume Information\_restore{CF98417F-8559-4F5C-97E7-5ACCE964EF94}\RP31\A0004699.exe 7-Zip: infected - 1 skipped
E:\System Volume Information\_restore{CF98417F-8559-4F5C-97E7-5ACCE964EF94}\RP72\change.log Object is locked skipped
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
E:\WINDOWS\Sti_Trace.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
E:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\default.LOG Object is locked skipped
E:\WINDOWS\system32\config\Internet.evt Object is locked skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\software.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\system.LOG Object is locked skipped
E:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
E:\WINDOWS\Temp\2923be84-e16c-46ae-9290-49f1f1bbe9eb.tmp Object is locked skipped
E:\WINDOWS\Temp\Perflib_Perfdata_950.dat Object is locked skipped
E:\WINDOWS\wiadebug.log Object is locked skipped
E:\WINDOWS\wiaservc.log Object is locked skipped
E:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by Mr. Incredible on 2008-05-19 19:37:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
73: 2008-05-20 00:32:20 UTC - RP73 - Deckard's System Scanner Restore Point
72: 2008-05-19 18:53:59 UTC - RP72 - Shockwave Player
71: 2008-05-19 18:45:31 UTC - RP71 - Restore Operation
70: 2008-05-19 18:44:39 UTC - RP70 - Shockwave Player
69: 2008-05-19 18:07:58 UTC - RP69 - Shockwave Player


-- First Restore Point --
1: 2008-04-27 23:15:01 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mr. Incredible.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:12 PM, on 5/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\PROGRA~1\AVG\AVG8\avgfws8.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Maxtor\Sync\SyncServices.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\LClock\LClock.exe
E:\WINDOWS\system32\mmm.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Styler\Styler.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\lxbscoms.exe
E:\WINDOWS\system32\svchost.exe
E:\Documents and Settings\Mr. Incredible\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\Mr. Incredible.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - E:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] E:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [PowerTweak Menu] E:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [VisualTooltip] E:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "E:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [RegRun WinBait] E:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] E:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\RunOnce: [*Restore] E:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Regrun2] E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "E:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "E:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - E:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - E:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11282 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - E:\WINDOWS\system32\Notepad2.exe %1
.cmd - cmdfile - shell\edit\command - E:\WINDOWS\system32\Notepad2.exe %1
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.inf - inffile - shell\open\command - E:\WINDOWS\system32\Notepad2.exe %1
.ini - inifile - shell\open\command - E:\WINDOWS\system32\Notepad2.exe %1
.js - jsfile - DefaultIcon - "E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - regfile - shell\edit\command - E:\WINDOWS\system32\Notepad2.exe %1
.txt - txtfile - shell\open\command - E:\WINDOWS\system32\Notepad2.exe %1
.vbs - VBSFile - shell\edit\command - E:\WINDOWS\system32\Notepad2.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Partizan - e:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
R1 SCDEmu - e:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - e:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pgfilter - e:\program files\peerguardian2\pgfilter.sys
R3 RegGuard - e:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>

S1 OMCI - e:\windows\system32\drivers\omci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "e:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 FLEXnet Licensing Service - "e:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 stllssvr - "e:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: XPS MiniView
Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Manufacturer:
Name: XPS MiniView
PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SigmaTel High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_10280215&REV_1002\4&26E0D281&0&0001
Manufacturer: SigmaTel
Name: SigmaTel High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_10280215&REV_1002\4&26E0D281&0&0001
Service: STHDA


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 19:38:40 0 d-------- E:\Program Files\Trend Micro
2008-05-19 18:14:56 0 d-------- E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 18:14:55 0 d-------- E:\WINDOWS\system32\Kaspersky Lab
2008-05-19 18:14:54 0 d-------- E:\WINDOWS\LastGood
2008-05-19 13:14:49 0 d-------- E:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-19 13:14:01 0 d-------- E:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-19 13:13:50 0 d-------- E:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Templates
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Start Menu
2008-05-19 13:10:48 2097152 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Local Settings
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Cookies
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Application Data
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Application Data\WinRAR
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-19 02:08:26 0 d-------- E:\WINDOWS\system32\Adobe
2008-05-19 00:36:36 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Leadertech
2008-05-19 00:34:57 0 d-------- E:\Program Files\Atari
2008-05-18 18:21:58 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Atari
2008-05-18 02:16:12 4694016 --a------ E:\Documents and Settings\Mr. Incredible\ntuser.dat
2008-05-18 02:16:10 15360 --a------ E:\WINDOWS\system32\WIN2PDFM.DLL
2008-05-17 14:30:31 0 d-------- E:\WINDOWS\Cache
2008-05-17 14:30:29 0 d-------- E:\Program Files\Coupons
2008-05-15 15:37:15 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Ashampoo
2008-05-15 15:37:11 0 d-------- E:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-15 15:37:08 0 d-------- E:\Program Files\Ashampoo
2008-05-15 00:42:53 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\URSoft
2008-05-15 00:42:51 0 d-a------ E:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 00:42:47 0 d-------- E:\Program Files\Your Uninstaller 2008
2008-05-15 00:03:44 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Pogo Games
2008-05-15 00:02:59 0 d-------- E:\Program Files\ToGo Game
2008-05-13 20:42:13 0 d--h----- E:\WINDOWS\$hf_mig$
2008-05-13 00:16:02 0 d-------- E:\Documents and Settings\All Users\Application Data\FNIOHDPHYG
2008-05-13 00:15:49 0 d-------- E:\Program Files\BadgeHelp
2008-05-11 19:22:16 0 dr-h----- E:\Documents and Settings\Mr. Incredible\Recent
2008-05-06 17:45:51 25773 --a------ E:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-06 17:44:42 25088 --a------ E:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite, UnHackMe>
2008-05-06 17:44:42 30946 --a------ E:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-06 17:44:42 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Regrun
2008-05-06 17:41:27 16384 --a------ E:\WINDOWS\WinBait.exe
2008-05-06 17:41:27 441856 --a------ E:\WINDOWS\RunGuard.exe <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-06 17:41:24 0 d-------- E:\Program Files\Greatis
2008-05-05 13:35:25 0 d-------- E:\Program Files\Maxtor
2008-05-05 13:35:25 0 d-------- E:\Documents and Settings\All Users\Application Data\Maxtor
2008-05-05 13:34:58 0 d-------- E:\WINDOWS\Downloaded Installations
2008-05-05 13:34:51 0 d--hs---- E:\WINDOWS\ftpcache
2008-05-03 15:23:08 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\Macromedia
2008-05-03 15:23:08 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\Adobe
2008-05-03 15:20:52 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\Talkback
2008-05-03 15:20:41 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\Mozilla
2008-05-03 15:20:07 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\Identities
2008-05-03 15:19:35 89 --a------ E:\Documents and Settings\All Other Losers\Del212E.bat
2008-05-03 15:19:34 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\Sun
2008-05-03 15:19:34 0 d---s---- E:\Documents and Settings\All Other Losers\Application Data\Microsoft
2008-05-03 15:19:34 0 d-------- E:\Documents and Settings\All Other Losers\7zS2172.tmp
2008-05-03 15:19:33 0 d--h----- E:\Documents and Settings\All Other Losers\Templates
2008-05-03 15:19:33 0 dr------- E:\Documents and Settings\All Other Losers\Start Menu
2008-05-03 15:19:33 0 dr-h----- E:\Documents and Settings\All Other Losers\SendTo
2008-05-03 15:19:33 0 dr-h----- E:\Documents and Settings\All Other Losers\Recent
2008-05-03 15:19:33 0 d--h----- E:\Documents and Settings\All Other Losers\PrintHood
2008-05-03 15:19:33 1048576 --ah----- E:\Documents and Settings\All Other Losers\ntuser.dat
2008-05-03 15:19:33 0 d--h----- E:\Documents and Settings\All Other Losers\NetHood
2008-05-03 15:19:33 0 dr------- E:\Documents and Settings\All Other Losers\My Documents
2008-05-03 15:19:33 0 d--h----- E:\Documents and Settings\All Other Losers\Local Settings
2008-05-03 15:19:33 0 dr------- E:\Documents and Settings\All Other Losers\Favorites
2008-05-03 15:19:33 0 d-------- E:\Documents and Settings\All Other Losers\Desktop
2008-05-03 15:19:33 0 d--hs---- E:\Documents and Settings\All Other Losers\Cookies
2008-05-03 15:19:33 0 dr-h----- E:\Documents and Settings\All Other Losers\Application Data
2008-05-03 15:19:33 0 d-------- E:\Documents and Settings\All Other Losers\Application Data\WinRAR
2008-05-02 01:56:31 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2
2008-05-02 01:48:08 0 d-------- E:\Program Files\OpenOffice.org 2.4
2008-05-02 00:37:53 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Help
2008-05-01 14:35:26 0 d--h----- E:\$AVG8.VAULT$
2008-04-30 15:22:29 0 d--hs---- E:\WINDOWS\CSC
2008-04-30 03:38:14 0 d-------- E:\WINDOWS\system32\ReinstallBackups
2008-04-30 03:38:10 0 d-------- E:\Program Files\CONEXANT
2008-04-29 05:46:48 389120 --a------ E:\WINDOWS\system32\STLang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-04-29 05:46:48 393216 --a------ E:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-04-29 05:46:41 0 d-------- E:\Program Files\SigmaTel
2008-04-29 05:10:04 180224 --a------ E:\WINDOWS\system32\xvidvfw.dll
2008-04-29 05:10:04 765952 --a------ E:\WINDOWS\system32\xvidcore.dll
2008-04-29 02:35:10 4096 --a------ E:\WINDOWS\system32\crash
2008-04-29 02:28:46 0 d-------- E:\Program Files\GameSpy Arcade
2008-04-29 02:28:28 0 d-------- E:\Program Files\directx
2008-04-29 02:28:18 0 --a------ E:\WINDOWS\PowerReg.dat
2008-04-29 02:27:58 0 d-------- E:\Program Files\Infogrames Interactive
2008-04-29 01:06:38 0 d-------- E:\Program Files\iWin.com
2008-04-29 00:59:55 0 d-------- E:\Program Files\Phantom EFX
2008-04-29 00:52:21 0 d-------- E:\Program Files\VUGames
2008-04-28 23:26:13 0 d-------- E:\Documents and Settings\All Users\Application Data\Roxio
2008-04-28 23:24:54 0 d-------- E:\Program Files\Common Files\SureThing Shared
2008-04-28 23:24:25 0 d-------- E:\Program Files\Common Files\Sonic Shared
2008-04-28 19:01:11 0 d-------- E:\Program Files\Microsoft ActiveSync
2008-04-28 19:00:57 0 d-------- E:\WINDOWS\SHELLNEW
2008-04-28 19:00:57 0 d-------- E:\Program Files\Microsoft.NET
2008-04-28 18:59:40 0 dr-h----- E:\MSOCache
2008-04-28 17:25:48 0 d-------- E:\Program Files\Trymedia
2008-04-28 17:24:47 0 d-------- E:\Program Files\Monopoly Casino Vegas Edition
2008-04-28 16:39:00 0 d-------- E:\WINDOWS\system32\appmgmt
2008-04-28 16:05:23 0 d-------- E:\WINDOWS\Sun
2008-04-28 15:25:31 0 d-------- E:\Program Files\Xilisoft
2008-04-28 05:51:13 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\DivX
2008-04-27 22:18:08 520192 --a------ E:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-27 22:18:08 315392 --a------ E:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-27 22:14:43 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\GetRightToGo
2008-04-27 21:45:37 0 d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-27 21:40:28 44544 --a------ E:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-27 21:40:16 0 d-------- E:\Program Files\Common Files\MAGIX Shared
2008-04-27 21:39:52 1089536 --a------ E:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; eHelp Corporation.; RoboHelp for Word X3>
2008-04-27 21:39:52 0 d-------- E:\WINDOWS\system32\MAGIX
2008-04-27 21:39:52 49152 --a------ E:\WINDOWS\system32\INETWH32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-04-27 21:39:52 85504 --a------ E:\WINDOWS\system32\HtmlWH.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-04-27 21:39:52 0 d-------- E:\MAGIX
2008-04-27 21:39:21 475136 --a------ E:\WINDOWS\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-04-27 21:26:18 0 d-------- E:\Program Files\Alien Skin
2008-04-27 21:26:18 0 d-------- E:\Alien Skin
2008-04-27 21:25:50 0 d-------- E:\Alien Skin Xenofex 2
2008-04-27 20:55:28 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Lavasoft
2008-04-27 20:49:03 0 d-------- E:\Program Files\Full Tilt Poker
2008-04-27 20:43:29 0 d-------- E:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-27 20:21:22 0 d-------- E:\Program Files\QuickTime
2008-04-27 20:15:22 0 d-------- E:\Documents and Settings\All Users\Application Data\Adobe
2008-04-27 20:11:16 0 d-------- E:\Program Files\Bonjour
2008-04-27 20:08:41 0 d-------- E:\Program Files\Common Files\Macrovision Shared
2008-04-27 20:07:10 0 d-------- E:\Program Files\Common Files\Adobe
2008-04-27 19:57:13 0 d-------- E:\Program Files\MagicISO
2008-04-27 19:50:05 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Nero
2008-04-27 19:46:26 0 d-------- E:\Program Files\Nero
2008-04-27 19:46:26 0 d-------- E:\Program Files\Common Files\Nero
2008-04-27 19:46:26 0 d-------- E:\Documents and Settings\All Users\Application Data\Nero
2008-04-27 19:34:41 352256 --a------ E:\WINDOWS\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio.NET>
2008-04-27 19:34:41 503808 --a------ E:\WINDOWS\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio.NET>
2008-04-27 19:33:21 0 d-------- E:\Documents and Settings\All Users\Application Data\Sonic
2008-04-27 19:32:59 0 d-------- E:\Program Files\Common Files\Roxio Shared
2008-04-27 19:32:56 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\InstallShield
2008-04-27 19:32:55 0 d-------- E:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-27 19:32:52 0 d-------- E:\Program Files\Roxio
2008-04-27 19:26:49 0 d-------- E:\Program Files\XL Delete
2008-04-27 19:26:48 0 d--h----- E:\Documents and Settings\All Users\Application Data\{94FB5242-4A3E-4443-BB8D-C9E397CC6528}
2008-04-27 19:23:59 0 d-------- E:\Documents and Settings\All Users\Application Data\XL Delete
2008-04-27 19:19:53 0 d-------- E:\Program Files\Lexmark 810 Series
2008-04-27 19:19:49 0 d-------- E:\Temp
2008-04-27 19:18:48 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Macromedia
2008-04-27 19:18:48 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Adobe
2008-04-27 19:18:42 1685 --a------ E:\WINDOWS\mozver.dat
2008-04-27 19:17:56 0 d-------- E:\Program Files\DVD Shrink
2008-04-27 19:17:56 0 d-------- E:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-27 19:16:10 96256 --a------ E:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-04-27 19:16:05 0 d-------- E:\Program Files\MagicDisc
2008-04-27 19:13:11 0 d-------- E:\Program Files\PowerISO
2008-04-27 19:08:49 0 d-------- E:\Program Files\uTorrent
2008-04-27 19:08:43 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\uTorrent
2008-04-27 19:02:00 0 d-------- E:\WINDOWS\system32\drivers\Avg
2008-04-27 19:01:46 0 d-------- E:\Program Files\AVG
2008-04-27 19:01:45 0 d-------- E:\Documents and Settings\All Users\Application Data\avg8
2008-04-27 18:53:29 0 d-------- E:\Program Files\PeerGuardian2
2008-04-27 18:50:15 0 d-------- E:\Program Files\DivX
2008-04-27 18:47:56 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\ATI
2008-04-27 18:47:56 0 d-------- E:\Documents and Settings\All Users\Application Data\ATI
2008-04-27 18:47:47 0 --a------ E:\WINDOWS\ativpsrm.bin
2008-04-27 18:45:14 593920 -----n--- E:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-27 18:45:03 0 d--h----- E:\Program Files\InstallShield Installation Information
2008-04-27 18:33:36 0 d-------- E:\Documents and Settings\All Users\Application Data\Lumanate
2008-04-27 18:21:05 0 d-------- E:\Program Files\ATI Technologies
2008-04-27 18:21:03 0 d-------- E:\Program Files\ATI
2008-04-27 18:19:44 0 d-------- E:\Program Files\Intel
2008-04-27 18:19:36 0 d-------- E:\WINDOWS\system32\SoftwareDistribution
2008-04-27 18:19:34 0 d-------- E:\Intel
2008-04-27 18:18:52 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Talkback
2008-04-27 18:18:47 0 --a------ E:\WINDOWS\nsreg.dat
2008-04-27 18:18:45 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla
2008-04-27 18:17:13 0 d-------- E:\Program Files\Common Files\InstallShield
2008-04-27 18:16:21 0 d-------- E:\WINDOWS\system32\vmm32
2008-04-27 18:16:21 0 d-------- E:\Program Files\Dell
2008-04-27 18:14:59 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Styler
2008-04-27 18:14:45 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Identities
2008-04-27 18:14:28 0 d-------- E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-27 18:14:11 89 --a------ E:\Documents and Settings\Mr. Incredible\Del212E.bat
2008-04-27 18:14:10 0 d--h----- E:\Documents and Settings\Mr. Incredible\Templates
2008-04-27 18:14:10 0 dr------- E:\Documents and Settings\Mr. Incredible\Start Menu
2008-04-27 18:14:10 0 dr-h----- E:\Documents and Settings\Mr. Incredible\SendTo
2008-04-27 18:14:10 0 d--h----- E:\Documents and Settings\Mr. Incredible\PrintHood
2008-04-27 18:14:10 0 d--h----- E:\Documents and Settings\Mr. Incredible\NetHood
2008-04-27 18:14:10 0 dr------- E:\Documents and Settings\Mr. Incredible\My Documents
2008-04-27 18:14:10 0 d--h----- E:\Documents and Settings\Mr. Incredible\Local Settings
2008-04-27 18:14:10 0 d---s---- E:\Documents and Settings\Mr. Incredible\Favorites
2008-04-27 18:14:10 0 d-------- E:\Documents and Settings\Mr. Incredible\Desktop
2008-04-27 18:14:10 0 d--hs---- E:\Documents and Settings\Mr. Incredible\Cookies
2008-04-27 18:14:10 0 dr-h----- E:\Documents and Settings\Mr. Incredible\Application Data
2008-04-27 18:14:10 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\WinRAR
2008-04-27 18:14:10 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Sun
2008-04-27 18:14:10 0 d-------- E:\Documents and Settings\Mr. Incredible\7zS2172.tmp
2008-04-27 18:13:34 0 d-------- E:\WINDOWS\SoftwareDistribution
2008-04-27 18:13:32 0 d-------- E:\WINDOWS\Prefetch
2008-04-27 18:13:31 0 d---s---- E:\WINDOWS\system32\Microsoft
2008-04-27 18:06:03 655360 --a------ E:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-27 18:06:03 0 d--h----- E:\Documents and Settings\NetworkService\Local Settings
2008-04-27 18:06:03 0 d--hs---- E:\Documents and Settings\NetworkService\Cookies
2008-04-27 18:06:03 0 d-------- E:\Documents and Settings\NetworkService\Application Data
2008-04-27 18:06:03 0 d---s---- E:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-27 18:05:03 520192 ---h----- E:\Documents and Settings\Default User\NTUSER.DAT
2008-04-27 18:04:52 0 d-------- E:\Program Files\Windows Media Connect 2
2008-04-27 18:04:27 0 d-------- E:\WINDOWS\system32\LogFiles
2008-04-27 18:04:27 0 d-------- E:\WINDOWS\system32\drivers\UMDF
2008-04-27 18:04:05 0 d-------- E:\Program Files\Alky for Applications
2008-04-27 18:03:59 18590 --a------ E:\WINDOWS\sKzVistaUltimateSound(Loud).reg
2008-04-27 18:03:57 0 d-------- E:\Program Files\Kristanix
2008-04-27 18:03:56 0 d-------- E:\Documents and Settings\Default User\7zS2172.tmp
2008-04-27 18:03:49 0 d-------- E:\Program Files\Stardock
2008-04-27 18:03:49 0 d-------- E:\Program Files\Common Files\Stardock
2008-04-27 18:03:32 0 d-------- E:\Program Files\Sysinternals
2008-04-27 18:03:14 0 d-------- E:\Program Files\Java
2008-04-27 18:03:14 0 d-------- E:\Program Files\Common Files\Java
2008-04-27 18:03:06 0 d-------- E:\Documents and Settings\Default User\Application Data\Sun
2008-04-27 18:01:52 89 --a------ E:\Documents and Settings\Default User\Del212E.bat
2008-04-27 18:01:35 0 d-------- E:\Documents and Settings\LocalService\Start Menu
2008-04-27 18:01:35 53248 --a------ E:\Documents and Settings\LocalService\ntuser.dat
2008-04-27 18:01:35 0 d-------- E:\Documents and Settings\LocalService\Local Settings
2008-04-27 18:01:35 0 d--hs---- E:\Documents and Settings\LocalService\Cookies
2008-04-27 18:01:35 0 d-------- E:\Documents and Settings\LocalService\Application Data
2008-04-27 18:01:35 0 d---s---- E:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-27 18:01:26 0 d-------- E:\WINDOWS\system32\XPSViewer
2008-04-27 18:01:26 0 d-------- E:\Program Files\MSBuild
2008-04-27 18:01:24 0 d-------- E:\Program Files\Reference Assemblies
2008-04-27 18:00:00 0 d-------- E:\WINDOWS\system32\URTTemp
2008-04-27 17:59:50 124928 -----n--- E:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:58:56 0 d-------- E:\WINDOWS\system32\dllcache
2008-04-27 17:58:30 0 d--hs---- E:\Documents and Settings\All Users\DRM
2008-04-27 17:58:18 0 d--h----- E:\Program Files\WindowsUpdate
2008-04-27 17:58:16 0 d-------- E:\Program Files\Online Services
2008-04-27 17:57:53 0 d---s---- E:\WINDOWS\Tasks
2008-04-27 17:57:52 0 d-------- E:\Program Files\Common Files\MSSoap
2008-04-27 17:57:49 0 d-------- E:\WINDOWS\srchasst
2008-04-27 17:57:48 0 d-------- E:\WINDOWS\system32\Macromed
2008-04-27 17:57:23 0 d-------- E:\WINDOWS\system32\Restore
2008-04-27 17:56:43 21640 --a------ E:\WINDOWS\system32\emptyregdb.dat
2008-04-27 17:56:31 0 d-------- E:\WINDOWS\Registration
2008-04-27 17:56:20 0 dr------- E:\WINDOWS\Offline Web Pages
2008-04-27 17:56:20 0 d---s---- E:\WINDOWS\Downloaded Program Files
2008-04-27 17:55:18 0 d-------- E:\Program Files\VistaExperience.org
2008-04-27 17:54:07 0 d-------- E:\Program Files\Windows Sidebar
2008-04-27 17:53:54 498176 --a------ E:\WINDOWS\system32\vLogon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:54 382976 --a------ E:\WINDOWS\system32\Vista.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:54 117248 --a------ E:\WINDOWS\system32\Ribbons.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:54 117248 --a------ E:\WINDOWS\system32\Mystify.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:54 720412 --a------ E:\WINDOWS\system32\MGB_ScreenSaver.scr <Not Verified; Tenmiles Corporation; ScreenSwift Screen Saver>
2008-04-27 17:53:54 773120 --a------ E:\WINDOWS\system32\Bubbles.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:54 0 d-------- E:\Program Files\LClock
2008-04-27 17:53:53 1263616 --a------ E:\WINDOWS\system32\Aurora.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:49 0 d-------- E:\Program Files\Styler
2008-04-27 17:53:48 0 d-------- E:\Program Files\CCleaner
2008-04-27 17:53:36 7680 --a------ E:\WINDOWS\system32\engine.dll <Not Verified; fromVistaToXp.com; Windows Vista API Implementation (Energy Lite)>
2008-04-27 17:53:35 8174592 --a------ E:\WINDOWS\system32\Branded.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 17:53:34 0 d-------- E:\Program Files\Desktop
2008-04-27 17:53:10 0 d-------- E:\Documents and Settings\Default User\Application Data\WinRAR
2008-04-27 17:53:04 102400 --a------ E:\WINDOWS\system32\WhyReboot.exe <Not Verified; Exodus Development, Inc.; WhyReboot Module>
2008-04-27 17:53:03 1128 --a------ E:\WINDOWS\system32\WC.com
2008-04-27 17:53:03 69632 --a------ E:\WINDOWS\system32\WallChan.exe
2008-04-27 17:53:03 699508 --a------ E:\WINDOWS\system32\UpxGui.exe
2008-04-27 17:53:02 18030 --a------ E:\WINDOWS\system32\Replacer.cmd
2008-04-27 17:53:02 1373 --a------ E:\WINDOWS\system32\Reg2InfHandler.cmd
2008-04-27 17:53:02 65536 --a------ E:\WINDOWS\system32\Reg2Inf.exe <Not Verified; n7Epsilon; Reg2Inf>
2008-04-27 17:53:02 28672 --a------ E:\WINDOWS\system32\Refresh.exe <Not Verified; Camtech 2000; RefreshEm>
2008-04-27 17:53:02 216576 --a------ E:\WINDOWS\system32\PCalc.exe
2008-04-27 17:53:02 550912 --a------ E:\WINDOWS\system32\Notepad2.exe
2008-04-27 17:53:02 8636 --a------ E:\WINDOWS\system32\modifyPE.exe
2008-04-27 17:53:01 77824 --a------ E:\WINDOWS\system32\RegFileMerger.exe <Not Verified; XPero; Reg File Merger>
2008-04-27 17:53:01 828416 --a------ E:\WINDOWS\system32\mmm.exe
2008-04-27 17:53:01 175616 --a------ E:\WINDOWS\system32\mmm.dll
2008-04-27 17:53:01 163840 --a------ E:\WINDOWS\system32\metapath.exe
2008-04-27 17:53:01 1503 --a------ E:\WINDOWS\system32\makeiso.cmd
2008-04-27 17:53:01 53248 --a------ E:\WINDOWS\system32\LCISOCreator.exe <Not Verified; Lucersoft; LCISOCreator>
2008-04-27 17:53:00 1152165 --a------ E:\WINDOWS\system32\HFExtract.exe
2008-04-27 17:53:00 94208 --a------ E:\WINDOWS\system32\FGCBAHandler.exe <Not Verified; n7Epsilon; FileGather>
2008-04-27 17:53:00 122880 --a------ E:\WINDOWS\system32\FGCBA.exe <Not Verified; n7Epsilon; FileGather>
2008-04-27 17:53:00 98304 --a------ E:\WINDOWS\system32\EXPander.exe <Not Verified; XPero; eXPander>
2008-04-27 17:53:00 0 d-------- E:\Program Files\Utilities
2008-04-27 17:52:59 110085 --a------ E:\WINDOWS\system32\cdimage.exe
2008-04-27 17:52:59 20992 --a------ E:\WINDOWS\system32\Cabtool.exe <Not Verified; ; CAB Tool>
2008-04-27 17:52:59 114688 --a------ E:\WINDOWS\system32\Cabarc.exe
2008-04-27 17:52:59 0 d-------- E:\Program Files\TaskSwitchXP
2008-04-27 17:52:59 0 d-------- E:\Program Files\Attribute Changer
2008-04-27 17:52:52 946448 --a------ E:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Calculator Plus>
2008-04-27 17:52:43 0 d-------- E:\Program Files\Windows NT
2008-04-27 17:52:40 0 d-------- E:\WINDOWS\system32\MsDtc
2008-04-27 17:52:37 0 d-------- E:\WINDOWS\system32\Com
2008-04-27 12:43:07 0 d--hs---- E:\WINDOWS\Installer
2008-04-27 12:43:06 0 d-------- E:\Program Files\Common Files\ODBC
2008-04-27 12:43:04 0 d-------- E:\Program Files\Common Files\SpeechEngines
2008-04-27 12:43:03 0 dr------- E:\Program Files
2008-04-27 12:43:03 0 d-------- E:\Program Files\Common Files
2008-04-27 12:42:30 0 d--h----- E:\Documents and Settings\Default User\Templates
2008-04-27 12:42:30 0 dr------- E:\Documents and Settings\Default User\Start Menu
2008-04-27 12:42:30 0 dr-h----- E:\Documents and Settings\Default User\SendTo
2008-04-27 12:42:30 0 d--h----- E:\Documents and Settings\Default User\Recent
2008-04-27 12:42:30 0 d--h----- E:\Documents and Settings\Default User\PrintHood
2008-04-27 12:42:30 0 d--h----- E:\Documents and Settings\Default User\NetHood
2008-04-27 12:42:30 0 d-------- E:\Documents and Settings\Default User\My Documents
2008-04-27 12:42:30 0 dr-h----- E:\Documents and Settings\Default User\Local Settings
2008-04-27 12:42:30 0 d-------- E:\Documents and Settings\Default User\Favorites
2008-04-27 12:42:30 0 d-------- E:\Documents and Settings\Default User\Desktop
2008-04-27 12:42:30 0 d--hs---- E:\Documents and Settings\Default User\Cookies
2008-04-27 12:42:30 0 d--h----- E:\Documents and Settings\All Users\Templates
2008-04-27 12:42:30 0 dr------- E:\Documents and Settings\All Users\Start Menu
2008-04-27 12:42:30 0 d-------- E:\Documents and Settings\All Users\Favorites
2008-04-27 12:42:30 0 dr------- E:\Documents and Settings\All Users\Documents
2008-04-27 12:42:30 0 d-------- E:\Documents and Settings\All Users\Desktop
2008-04-27 12:42:18 0 d-------- E:\WINDOWS\system32\CatRoot2
2008-04-27 12:42:18 0 d-------- E:\WINDOWS\system32\CatRoot
2008-04-27 12:42:13 0 dr-h----- E:\Documents and Settings\Default User\Application Data
2008-04-27 12:42:13 0 d---s---- E:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-27 12:42:13 0 dr-h----- E:\Documents and Settings\All Users\Application Data
2008-04-27 12:42:13 0 d---s---- E:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-27 12:41:50 0 d-------- E:\Documents and Settings
2008-04-27 12:41:49 0 d--hs---- E:\System Volume Information
2008-04-27 12:38:03 0 d-------- E:\WINDOWS
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\WinSxS
2008-04-27 12:38:03 0 dr------- E:\WINDOWS\Web
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\twain_32
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\wins
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\wbem
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\usmt
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\spool
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\ShellExt
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\Setup
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\ras
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\oobe
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\npp
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\mui
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\inetsrv
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\IME
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\icsxml
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\ias
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\export
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\en
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\drivers
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\drivers\etc
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\drivers\disdn
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\dhcp
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\config
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\3com_dmi
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\3076
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\2052
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1054
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1042
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1041
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1037
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1033
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1031
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1028
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system32\1025
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\system
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\security
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Resources
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\repair
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Provisioning
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\PeerNet
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\pchealth
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\NLDRV
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Network Diagnostic
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\mui
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\msapps
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\msagent
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Media
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\L2Schemas
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\java
2008-04-27 12:38:03 0 d--h----- E:\WINDOWS\inf
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\ime
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Help
2008-04-27 12:38:03 0 dr--s---- E:\WINDOWS\Fonts
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\ehome
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Driver Cache
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Debug
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Cursors
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Connection Wizard
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\Config
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\AppPatch
2008-04-27 12:38:03 0 d-------- E:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-27 12:42:30 62 --ahs---- E:\Documents and Settings\Mr. Incredible\Application Data\desktop.ini
2008-03-19 15:55:10 140288 --a------ E:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 15:53:59 16384 --a------ E:\WINDOWS\system32\lcid.exe <Not Verified; Microsoft; lcid>
2008-03-19 15:53:50 176640 --a------ E:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 15:53:12 98304 --a------ E:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 15:49:44 200 --a------ E:\WINDOWS\system32\nlite.cmd
2008-03-15 13:24:47 5763584 --a------ E:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-12 17:54:12 1344512 --a------ E:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="E:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM]
"PowerTweak Menu"="E:\WINDOWS\system32\mmm.exe" [07/05/2005 03:04 AM]
"UnlockerAssistant"="E:\Program Files\Unlocker\UnlockerAssistant.exe" [02/27/2008 09:33 AM]
"VisualTooltip"="E:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe" [04/25/2007 09:45 AM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"StartCCC"="E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/27/2008 07:01 PM]
"PWRISOVM.EXE"="E:\Program Files\PowerISO\PWRISOVM.EXE" [03/14/2008 06:50 PM]
"NeroFilterCheck"="E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"@"="" []
"Adobe_ID0EYTHM"="E:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [03/07/2008 08:46 AM E:\WINDOWS\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [09/09/2005 06:19 PM E:\WINDOWS\stsystra.exe]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"mxomssmenu"="E:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"RegRun WinBait"="E:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
"@RegRunOnSecure"="E:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [08/04/2006 02:59 PM]
"Sidebar"="E:\Program Files\Windows Sidebar\sidebar.exe" [12/02/2007 10:58 PM]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [03/07/2008 02:46 AM]
"PeerGuardian"="E:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"ISUSPM"="E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"Regrun2"="E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [02/13/2008 05:12 PM]
"Registry"="E:\Program Files\Greatis\RegRunSuite\lsoon.exe" [02/13/2008 05:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*Restore"=E:\WINDOWS\system32\restore\rstrui.exe -c

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

E:\Documents and Settings\Mr. Incredible\Start Menu\Programs\Startup\
MagicDisc.lnk - E:\Program Files\MagicDisc\MagicDisc.exe [4/27/2008 7:16:05 PM]
OpenOffice.org 2.4.lnk - E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]
Styler.lnk - E:\Documents and Settings\Mr. Incredible\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [4/27/2008 6:14:34 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= E:\Program Files\Greatis\RegRunSuite\RRShell.dll [11/02/2004 09:15 AM 368711]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
E:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 04/28/2008 06:07 AM 229376 E:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
Debugger=E:\WINDOWS\system32\Notepad2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd38170a-1951-11dd-b5a7-001c26dceeb7}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8378 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-19 19:40:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 3069.87 MiB / 2211.93 MiB
Pagefile Memory (total/avail): 4955.71 MiB / 4272.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1853.43 MiB

C: is Fixed (NTFS) - 15 GiB total, 4.87 GiB free.
E: is Fixed (NTFS) - 283.02 GiB total, 255.2 GiB free.
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 15 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 283.02 GiB - E:

\\.\PHYSICALDRIVE2 - DELL USB HS-CF Card USB Device

\\.\PHYSICALDRIVE4 - DELL USB HS-MS Card USB Device

\\.\PHYSICALDRIVE5 - DELL USB HS-SD Card USB Device

\\.\PHYSICALDRIVE3 - DELL USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALKY=E:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\Mr. Incredible\Application Data
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=MRINCREDIBLE
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\Mr. Incredible
LOGONSERVER=\\MRINCREDIBLE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\Alky for Applications\Libraries\;E:\Program Files\ATI Technologies\ATI.ACE\Core-Static;E:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;E:\Program Files\Common Files\Roxio Shared\DLLShared\;E:\Program Files\Common Files\Roxio Shared\DLLShared\;E:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=E:\Program Files
PROMPT=$P$G
RoxioCentral=E:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\MRA16F~1.INC\LOCALS~1\Temp
TMP=E:\DOCUME~1\MRA16F~1.INC\LOCALS~1\Temp
USERDOMAIN=MRINCREDIBLE
USERNAME=Mr. Incredible
USERPROFILE=E:\Documents and Settings\Mr. Incredible
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mr. Incredible (admin)
All Other Losers (new local)


-- Add/Remove Programs ---------------------------------------------------------

--> E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> E:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> E:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> E:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> E:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
µTorrent --> "E:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Add or Remove Adobe Creative Suite 3 Master Collection --> E:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash Player Plugin --> E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Alien Skin Eye Candy 5 Impact --> E:\ALIENS~2\EYECAN~1\Unwise32.exe E:\ALIENS~2\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature --> E:\ALIENS~2\EYECAN~2\Unwise32.exe E:\ALIENS~2\EYECAN~2\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> E:\ALIENS~2\EYECAN~3\UNWISE.EXE E:\ALIENS~2\EYECAN~3\INSTALL.LOG
Alien Skin Snap Art --> E:\ALIENS~2\SNAPAR~1\Unwise32.exe E:\ALIENS~2\SNAPAR~1\INSTALL.LOG
Alien Skin Xenofex 2.0 --> E:\ALIENS~1\UNWISE.EXE E:\ALIENS~1\INSTALL.LOG
Alky for Applications (Windows XP) --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Ashampoo Burning Studio 6 FREE --> "E:\Program Files\Ashampoo\Ashampoo Burning Studio 6\unins000.exe"
ATI - Software Uninstall Utility --> E:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 E:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Attribute Changer 5.30 --> rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,acuninstall
AVG 8.0 --> E:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only) --> "E:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> E:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Coupon Printer for Windows --> "E:\Program Files\Coupons\uninstall.exe" "/U:E:\Program Files\Coupons\Uninstall\uninstall.xml"
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only) --> rundll32.exe advpack.dll,LaunchINFSection DamnNFO.inf,DefaultUninstall
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Xcelerator™ for Portable Devices --> MsiExec.exe /X{ABA1C13F-D76E-4E8C-80CE-13BB88BBD955}
DivX Codec --> E:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> E:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "E:\Program Files\DVD Shrink\unins000.exe"
Family Feud Hollywood Edition (remove only) --> "E:\Program Files\iWin.com\Family Feud Hollywood Edition\Uninstall.exe"
Full Tilt Poker --> "E:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gadget Installer --> MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
GameSpy Arcade --> E:\PROGRA~1\GAMESP~1\UNWISE.EXE E:\PROGRA~1\GAMESP~1\INSTALL.LOG
Ghost Town --> E:\Program Files\InstallShield Installation Information\{2665A3DC-7019-4830-8E25-E580DF18302E}\setup.exe -runfromtemp -l0x0009 -removeonly
GoldRush --> E:\Program Files\InstallShield Installation Information\{DFEE6545-7BAA-4E18-A981-CFBDE865CBA9}\setup.exe -runfromtemp -l0x0009 -removeonly
HighRoller --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B6F3282D-3782-4FBC-B6A6-2F68F382F2C7}\setup.exe" -l0x9 -removeonly
IconPackager --> E:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> E:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LClock --> E:\Program Files\LClock\Uninstall.exe
Leisure Suit Larry - Magna Cum Laude --> E:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C}
Lexmark 810 Series --> E:\WINDOWS\system32\spool\drivers\w32x86\3\LXBSUNST.EXE -NOLICENSE
Lottso! Deluxe 1.3.53o --> E:\Program Files\ToGo Game\Lottso! Deluxe\Uninstall.exe
Macromedia Flash Player 8 --> E:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Magic ISO Maker v5.4 (build 0239) --> E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> E:\PROGRA~1\MAGICD~1\UNWISE.EXE E:\PROGRA~1\MAGICD~1\INSTALL.LOG
MAGIX Ringtone Maker 2 silver (US) --> E:\MAGIX\Ringtone_Maker_2_silver\instslct.exe
Maxtor Manager --> "E:\Program Files\InstallShield Installation Information\{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager --> MsiExec.exe /I{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Recent Documents Gadget --> MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monopoly --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\Setup.exe" -l0x9
Monopoly Casino Vegas Edition --> "C:\Program Files\Monopoly Casino Vegas Edition\Uninstall\uninstall.exe" "/U:E:\Program Files\Monopoly Casino Vegas Edition\Uninstall\uninstall.xml"
Mozilla Firefox (2.0.0.14) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Patch --> E:\Program Files\InstallShield Installation Information\{1F67E172-A1B5-4157-AA22-77118066A90A}\setup.exe -runfromtemp -l0x0009 -removeonly
PeerGuardian 2.0 --> "E:\Program Files\PeerGuardian2\unins000.exe"
PowerISO --> "E:\Program Files\PowerISO\uninstall.exe"
PowerTweaK Menu (mmm) --> rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,mmmuninstall
Reel Deal Card Games --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2712C3CA-931D-4B12-9605-06FF0DFDFADA}\setup.exe" -l0x9 -removeonly
RefreshEM --> rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,refreshemuninstall
Registry Mechanic 7.0 --> "E:\Program Files\Registry Mechanic\unins000.exe"
RegRun Security Suite Gold --> E:\Program Files\Greatis\RegRunSuite\R3UR.exe
RegShot --> rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,reguninstall
Resource Hacker --> rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,resuninstall
Right Click Image Converter --> "E:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
Roxio Activation Module --> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator Premier --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Premier --> MsiExec.exe /I{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sendto Xtras --> rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,sendtouninstall
SigmaTel Audio --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sprint Digital Lounge --> E:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://content.mplayit.com/client/sprint-catalog-resources.jarjnlp"
Spybot - Search & Destroy --> "E:\Program Files\Spybot - Search & Destroy\unins000.exe"
Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
TaskSwitchXP --> E:\Program Files\TaskSwitchXP\uninst.exe
The Poppit Show 1.3.41o --> E:\Program Files\ToGo Game\The Poppit Show\Uninstall.exe
Unlocker 1.8.6 --> E:\Program Files\Unlocker\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Win2PDF 3.20.1 --> "E:\WINDOWS\system32\spool\drivers\w32x86\3\Win2PDF\unins000.exe"
WindowBlinds --> E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Sidebar --> RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Windows Vista Sounds Pack --> MsiExec.exe /I{E1230694-33DA-4E74-82E1-06CC9D545E9B}
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
XL Delete --> "E:\Documents and Settings\All Users\Application Data\{94FB5242-4A3E-4443-BB8D-C9E397CC6528}\XLDeleteSetup.exe" REMOVE=TRUE MODIFY=FALSE
XL Delete --> E:\Documents and Settings\All Users\Application Data\{94FB5242-4A3E-4443-BB8D-C9E397CC6528}\XLDeleteSetup.exe
XML Paper Specification Shared Components Pack 1.0 -->
Your Uninstaller! 2008 Version 6.0 --> "E:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type501 / Error
Event Submitted/Written: 05/19/2008 01:40:38 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of E:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type500 / Error
Event Submitted/Written: 05/19/2008 01:35:39 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of E:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type491 / Error
Event Submitted/Written: 05/19/2008 00:30:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application visualtooltip.exe, version 2.2.0.0, faulting module visualtooltip.exe, version 2.2.0.0, fault address 0x00006d9a.
Processing media-specific event for [visualtooltip.exe!ws!]

Event Record #/Type486 / Error
Event Submitted/Written: 05/19/2008 00:05:54 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 726566821.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type485 / Error
Event Submitted/Written: 05/19/2008 00:05:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module js3250.dll, version 4.0.0.0, fault address 0x00031bf1.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2072 / Warning
Event Submitted/Written: 05/19/2008 06:33:46 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type2071 / Warning
Event Submitted/Written: 05/19/2008 06:33:46 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type2070 / Warning
Event Submitted/Written: 05/19/2008 06:33:46 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.

Event Record #/Type2069 / Warning
Event Submitted/Written: 05/19/2008 06:33:46 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.

Event Record #/Type2068 / Warning
Event Submitted/Written: 05/19/2008 06:33:46 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-05-19 19:40:40 ------------
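The DSS and HijackThis output above is the raw material an analyst triages by hand: AppInit_DLLs (loaded into every process that links user32), Image File Execution Options "Debugger" values (which silently replace the named program), BHO registrations, Run keys and services. As an added example that is not part of this thread and not code from DSS or HijackThis, the Python script below parses a constructed sample of lines in the same format (copied in shape from the logs posted here) and lists the entries a reviewer would look at first. The output is a set of review prompts, not verdicts: in this log the notepad.exe Debugger points at Notepad2, and the two AppInit DLLs match products in the Add/Remove list (AVG 8 and Stardock WindowBlinds), which is consistent with nothing malicious being found here. Separately, the MsiInstaller event 1008 entries in the Application Event Log ("not permitted due to an error in software restriction policy processing") describe an MSI blocked by policy, which is worth checking before treating the install failures in the first post as a rights problem.

```python
import re

# Constructed sample: lines copied in shape from the DSS registry dump and the
# HijackThis log posted in this thread. Test input only, not a fresh scan.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
Debugger=E:\WINDOWS\system32\Notepad2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O4 - HKLM\..\Run: [PowerTweak Menu] E:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# DSS registry-dump lines (key header on one line, value on the next)
IFEO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\image file execution options\\(?P<exe>[^\]]+)\]$", re.I)
APPINIT_VALUE = re.compile(r'^"?appinit_dlls"?\s*=\s*(?P<dlls>.+)$', re.I)
# HijackThis one-line entries
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.+)$", re.I)
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_LINE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")


def first_token(cmd):
    """Executable part of a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage(log_text):
    """Return (kind, detail) tuples, in log order and without duplicates, for
    entries a reviewer should look at. Each tuple is a prompt, not a verdict."""
    findings, seen = [], set()

    def add(kind, detail):
        if (kind, detail) not in seen:
            seen.add((kind, detail))
            findings.append((kind, detail))

    pending_ifeo = None  # exe named by the IFEO key header on the previous line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_ifeo and line.lower().startswith("debugger="):
            # Any Debugger value under IFEO runs instead of the named program.
            add("ifeo_debugger", f"{pending_ifeo} -> {line.split('=', 1)[1].strip()}")
            pending_ifeo = None
            continue
        pending_ifeo = None
        if (m := IFEO_KEY.match(line)):
            pending_ifeo = m.group("exe")
        elif (m := APPINIT_VALUE.match(line)) or (m := O20_LINE.match(line)):
            # Every DLL listed here is mapped into every user32-linked process.
            for dll in m.group("dlls").split(","):
                if dll.strip():
                    add("appinit_dll", dll.strip())
        elif (m := O2_LINE.match(line)) and m.group("path").lower() == "(no file)":
            # CLSID registered as a BHO but its DLL is gone: leftover, or a partial removal.
            add("orphan_bho", m.group("clsid"))
        elif (m := O4_LINE.match(line)):
            # A bare file name is resolved through the loader's search path at logon.
            exe = first_token(m.group("cmd"))
            if "\\" not in exe:
                add("run_bare_name", f"{m.group('name')}: {exe}")
        elif (m := O23_LINE.match(line)) and m.group("owner") == "Unknown owner":
            # HijackThis found no company name in the binary's version resource.
            add("service_no_vendor", f"{m.group('name')}: {m.group('path')}")
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

Each finding still needs a human decision: for this machine the AppInit DLLs and the Notepad2 redirect are explained by installed software, while an orphaned BHO CLSID and a service with no vendor string are the kind of entry a helper would ask about or clean up.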


#2 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:38 AM

Posted 15 June 2008 - 10:41 PM

Hello


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in portuguese

#3 James1234567

James1234567
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 19 June 2008 - 01:03 AM

Sorry for my timely response, I didn't expect this to get looked at so soon! Thanks in advance. OK, first, DSS's only output was main.txt; I went into E:\Deckard\System Scanner (my Windows drive is E:) and nothing was there but main.txt. Also, after doing the Kaspersky scanner, there was no malware detected, therefore no scan report. So, here is main.txt. I also have a question about HijackThis. Last time I ran it there were hosts that came up, and this time there aren't; why is that?

Thanks!


Deckard's System Scanner v20071014.68
Run by Mr. Incredible on 2008-06-18 23:33:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mr. Incredible.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:06 PM, on 6/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\PROGRA~1\AVG\AVG8\avgfws8.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Maxtor\Sync\SyncServices.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\LClock\LClock.exe
E:\WINDOWS\system32\mmm.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\Program Files\Styler\Styler.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Mr. Incredible\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\MRINCR~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - E:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] E:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [PowerTweak Menu] E:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [VisualTooltip] E:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "E:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] E:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - E:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - E:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - E:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9472 bytes

-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 21:44:46 0 d-------- E:\Program Files\Drug Lord 2
2008-06-17 20:11:55 0 d-------- E:\Program Files\Microsoft Works
2008-06-17 20:08:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 00:45:46 0 d-------- E:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-17 00:44:13 0 d-------- E:\Program Files\Risk II
2008-06-17 00:43:54 0 d-------- E:\Program Files\ReflexiveArcade
2008-06-16 21:32:20 0 d-------- E:\Program Files\PeerGuardian2
2008-06-16 19:49:17 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Opera
2008-06-13 15:42:20 0 d-------- E:\Program Files\Windows Defender
2008-06-11 20:55:51 0 d-------- E:\Program Files\SpywareBlaster
2008-06-08 20:33:26 0 d-------- E:\Documents and Settings\All Users\Application Data\Azureus
2008-06-08 20:33:24 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Azureus
2008-06-08 20:33:08 0 d-------- E:\Program Files\Azureus
2008-06-08 14:46:20 0 d-------- E:\Program Files\Driver-Soft
2008-06-07 21:36:07 0 d-------- E:\Program Files\AC3Filter
2008-06-07 18:04:02 0 d-------- E:\Program Files\Lavasoft
2008-06-07 18:03:44 0 d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 14:19:32 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Media Player Classic
2008-06-04 02:38:54 0 dr-h----- E:\Documents and Settings\Mr. Incredible\Recent
2008-06-02 07:13:54 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\FileZilla
2008-06-02 05:10:59 0 d-------- E:\Program Files\FileZilla FTP Client
2008-05-31 19:52:14 774144 --a------ E:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-05-31 19:52:09 0 d-------- E:\Program Files\Real
2008-05-31 19:52:08 0 d-------- E:\Program Files\Common Files\Real
2008-05-30 05:42:54 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Thunderbird
2008-05-30 05:42:47 0 d-------- E:\Program Files\Mozilla Thunderbird
2008-05-30 04:44:57 0 d--h----- E:\WINDOWS\PIF
2008-05-29 03:00:28 0 d-------- E:\WINDOWS\system32\PreInstall
2008-05-27 20:03:59 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Flickr
2008-05-27 18:48:04 0 d-------- E:\Program Files\Flickr Uploadr
2008-05-26 05:41:21 0 d-------- E:\Program Files\Ashampoo
2008-05-25 17:54:00 0 d-------- E:\Program Files\DiskTrix
2008-05-24 18:59:50 0 d-------- E:\Program Files\Real Alternative
2008-05-24 18:59:50 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Real
2008-05-24 18:59:50 0 d-------- E:\Documents and Settings\All Users\Application Data\Real
2008-05-24 18:43:57 0 d-------- E:\Program Files\WinAVI Video Converter
2008-05-23 02:38:00 0 d-------- E:\Program Files\QuickTime
2008-05-23 02:36:48 0 d-------- E:\Program Files\Bonjour
2008-05-23 02:18:29 0 d-------- E:\WINDOWS\system32\NtmsData
2008-05-23 01:53:44 0 d-------- E:\Program Files\Common Files\Macrovision Shared
2008-05-23 01:46:06 0 d-------- E:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-23 01:45:52 0 d-------- E:\Program Files\Common Files\Adobe Systems Shared
2008-05-22 23:33:58 0 d-------- E:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-05-22 02:55:09 33 --a------ E:\WINDOWS\popcinfot.dat
2008-05-22 02:44:09 0 d-------- E:\Program Files\Steam
2008-05-22 00:55:42 0 d-------- E:\Program Files\easetech
2008-05-21 02:22:01 0 d-------- E:\Program Files\Button Shop
2008-05-20 13:17:11 0 d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-20 13:17:04 0 d-------- E:\Program Files\SUPERAntiSpyware
2008-05-20 13:17:04 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\SUPERAntiSpyware.com
2008-05-20 07:13:35 0 d-------- E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 04:18:32 0 d-------- E:\Program Files\PCPitstop
2008-05-20 04:00:27 0 d-------- E:\Program Files\Exterminate It!
2008-05-19 19:38:40 0 d-------- E:\Program Files\Trend Micro
2008-05-19 18:14:56 0 d-------- E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 18:14:55 0 d-------- E:\WINDOWS\system32\Kaspersky Lab
2008-05-19 13:14:49 0 d-------- E:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-19 13:14:01 0 d-------- E:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-19 13:13:50 0 d-------- E:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Templates
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Start Menu
2008-05-19 13:10:48 2097152 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Local Settings
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Cookies
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Application Data
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Application Data\WinRAR
2008-05-19 13:10:48 0 d-------- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-19 02:08:26 0 d-------- E:\WINDOWS\system32\Adobe
2008-05-19 00:36:36 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Leadertech
2008-05-19 00:34:57 0 d-------- E:\Program Files\Atari
2008-05-18 18:21:58 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Atari
2008-05-18 02:16:12 6553600 --a------ E:\Documents and Settings\Mr. Incredible\ntuser.dat
2008-05-18 02:16:10 15360 --a------ E:\WINDOWS\system32\WIN2PDFM.DLL


-- Find3M Report ---------------------------------------------------------------

2008-06-18 21:35:33 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\uTorrent
2008-06-18 14:34:53 0 d-------- E:\Program Files\Full Tilt Poker
2008-06-17 18:37:37 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Mozilla
2008-06-11 22:12:35 0 d-------- E:\Program Files\iWin.com
2008-06-07 18:03:44 0 d-------- E:\Program Files\Common Files
2008-05-31 03:38:42 4096 --a------ E:\WINDOWS\system32\crash
2008-05-30 19:20:00 0 d-------- E:\Program Files\uTorrent
2008-05-26 05:41:39 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Ashampoo
2008-05-23 06:18:37 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Adobe
2008-05-23 02:36:45 0 d-------- E:\Program Files\Common Files\Adobe
2008-05-23 00:51:33 0 d--h----- E:\Program Files\InstallShield Installation Information
2008-05-22 23:42:16 0 d-------- E:\Program Files\Coupons
2008-05-22 23:36:09 0 d-------- E:\Program Files\Roxio
2008-05-22 23:35:40 0 d-------- E:\Program Files\Common Files\Sonic Shared
2008-05-22 23:24:32 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\OpenOffice.org2
2008-05-21 02:26:26 0 d-------- E:\Program Files\Java
2008-05-20 07:10:12 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Lavasoft
2008-05-19 13:54:00 1685 --a------ E:\WINDOWS\mozver.dat
2008-05-15 00:52:42 0 d-------- E:\Program Files\Your Uninstaller 2008
2008-05-15 00:42:53 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\URSoft
2008-05-15 00:08:40 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Pogo Games
2008-05-15 00:08:16 0 d-------- E:\Program Files\ToGo Game
2008-05-13 00:18:53 0 d-------- E:\Program Files\BadgeHelp
2008-05-06 17:44:43 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Regrun
2008-05-06 17:41:24 0 d-------- E:\Program Files\Greatis
2008-05-05 13:35:26 0 d-------- E:\Program Files\Maxtor
2008-05-02 01:48:14 0 d-------- E:\Program Files\OpenOffice.org 2.4
2008-05-02 00:37:53 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Help
2008-04-30 03:38:10 0 d-------- E:\Program Files\CONEXANT
2008-04-29 05:46:41 0 d-------- E:\Program Files\SigmaTel
2008-04-29 02:28:28 0 d-------- E:\Program Files\directx
2008-04-29 02:28:18 0 --a------ E:\WINDOWS\PowerReg.dat
2008-04-29 00:59:55 0 d-------- E:\Program Files\Phantom EFX
2008-04-29 00:51:44 0 d-------- E:\Program Files\Common Files\InstallShield
2008-04-28 23:27:19 0 d-------- E:\Program Files\Common Files\Roxio Shared
2008-04-28 23:24:56 0 d-------- E:\Program Files\Common Files\SureThing Shared
2008-04-28 19:01:11 0 d-------- E:\Program Files\Microsoft ActiveSync
2008-04-28 19:00:57 0 d-------- E:\Program Files\Microsoft.NET
2008-04-28 17:25:48 0 d-------- E:\Program Files\Trymedia
2008-04-28 15:25:31 0 d-------- E:\Program Files\Xilisoft
2008-04-28 05:51:13 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\DivX
2008-04-27 22:18:08 315392 --a------ E:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-27 22:15:02 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\GetRightToGo
2008-04-27 21:40:16 0 d-------- E:\Program Files\Common Files\MAGIX Shared
2008-04-27 21:26:18 0 d-------- E:\Program Files\Alien Skin
2008-04-27 20:52:28 0 d-------- E:\Program Files\MagicISO
2008-04-27 19:50:05 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Nero
2008-04-27 19:46:56 0 d-------- E:\Program Files\Common Files\Nero
2008-04-27 19:46:26 0 d-------- E:\Program Files\Nero
2008-04-27 19:34:41 352256 --a------ E:\WINDOWS\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio.NET>
2008-04-27 19:34:41 503808 --a------ E:\WINDOWS\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio.NET>
2008-04-27 19:32:56 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\InstallShield
2008-04-27 19:31:01 0 d-------- E:\Program Files\ATI
2008-04-27 19:27:39 0 d-------- E:\Program Files\XL Delete
2008-04-27 19:19:53 0 d-------- E:\Program Files\Lexmark 810 Series
2008-04-27 19:18:48 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Macromedia
2008-04-27 19:17:56 0 d-------- E:\Program Files\DVD Shrink
2008-04-27 19:16:15 0 d-------- E:\Program Files\MagicDisc
2008-04-27 19:13:11 0 d-------- E:\Program Files\PowerISO
2008-04-27 19:01:46 0 d-------- E:\Program Files\AVG
2008-04-27 18:50:27 0 d-------- E:\Program Files\DivX
2008-04-27 18:47:56 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\ATI
2008-04-27 18:47:47 0 --a------ E:\WINDOWS\ativpsrm.bin
2008-04-27 18:46:12 0 d-------- E:\Program Files\ATI Technologies
2008-04-27 18:33:35 0 d-------- E:\Program Files\Dell
2008-04-27 18:19:44 0 d-------- E:\Program Files\Intel
2008-04-27 18:18:52 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Talkback
2008-04-27 18:18:47 0 --a------ E:\WINDOWS\nsreg.dat
2008-04-27 18:15:02 0 d-------- E:\Program Files\Styler
2008-04-27 18:14:59 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Styler
2008-04-27 18:14:50 0 d-------- E:\Program Files\VistaExperience.org
2008-04-27 18:14:45 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Identities
2008-04-27 18:04:52 0 d-------- E:\Program Files\Windows Media Connect 2
2008-04-27 18:04:05 0 d-------- E:\Program Files\Alky for Applications
2008-04-27 18:03:57 0 d-------- E:\Program Files\Kristanix
2008-04-27 18:03:49 0 d-------- E:\Program Files\Stardock
2008-04-27 18:03:49 0 d-------- E:\Program Files\Common Files\Stardock
2008-04-27 18:03:33 0 d-------- E:\Program Files\Sysinternals
2008-04-27 18:03:14 0 d-------- E:\Program Files\Common Files\Java
2008-04-27 18:03:06 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\Sun
2008-04-27 18:01:26 0 d-------- E:\Program Files\MSBuild
2008-04-27 18:01:24 0 d-------- E:\Program Files\Reference Assemblies
2008-04-27 17:58:18 0 d--h----- E:\Program Files\WindowsUpdate
2008-04-27 17:58:16 0 d-------- E:\Program Files\Online Services
2008-04-27 17:57:52 0 d-------- E:\Program Files\Common Files\MSSoap
2008-04-27 17:56:43 21640 --a------ E:\WINDOWS\system32\emptyregdb.dat
2008-04-27 17:56:14 0 d-------- E:\Program Files\Windows Sidebar
2008-04-27 17:53:55 0 d-------- E:\Program Files\LClock
2008-04-27 17:53:48 0 d-------- E:\Program Files\Utilities
2008-04-27 17:53:48 0 d-------- E:\Program Files\CCleaner
2008-04-27 17:53:34 0 d-------- E:\Program Files\Desktop
2008-04-27 17:53:10 0 d-------- E:\Documents and Settings\Mr. Incredible\Application Data\WinRAR
2008-04-27 17:53:04 0 d-------- E:\Program Files\TaskSwitchXP
2008-04-27 17:53:03 0 d-------- E:\Program Files\Attribute Changer
2008-04-27 17:52:57 0 d-------- E:\Program Files\Windows NT
2008-04-27 12:43:06 0 d-------- E:\Program Files\Common Files\ODBC
2008-04-27 12:43:04 0 d-------- E:\Program Files\Common Files\SpeechEngines
2008-04-27 12:42:30 62 --ahs---- E:\Documents and Settings\Mr. Incredible\Application Data\desktop.ini
2008-03-28 21:05:00 593920 -----n--- E:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-03-19 15:55:10 140288 --a------ E:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 15:53:59 16384 --a------ E:\WINDOWS\system32\lcid.exe <Not Verified; Microsoft; lcid>
2008-03-19 15:53:50 176640 --a------ E:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 15:53:12 98304 --a------ E:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 15:49:44 200 --a------ E:\WINDOWS\system32\nlite.cmd


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="E:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM]
"PowerTweak Menu"="E:\WINDOWS\system32\mmm.exe" [07/05/2005 03:04 AM]
"UnlockerAssistant"="E:\Program Files\Unlocker\UnlockerAssistant.exe" [02/27/2008 09:33 AM]
"VisualTooltip"="E:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe" [04/25/2007 09:45 AM]
"StartCCC"="E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/27/2008 07:01 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [03/07/2008 08:46 AM E:\WINDOWS\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [09/09/2005 06:19 PM E:\WINDOWS\stsystra.exe]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"mxomssmenu"="E:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"'Ashampoo AntiSpyWare 2 Guard'"="E:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [03/13/2008 02:36 PM]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [08/04/2006 02:59 PM]
"Sidebar"="E:\Program Files\Windows Sidebar\sidebar.exe" [12/02/2007 10:58 PM]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [03/07/2008 02:46 AM]
"ISUSPM"="E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"PeerGuardian"="E:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

E:\Documents and Settings\Mr. Incredible\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Styler.lnk - E:\Documents and Settings\Mr. Incredible\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [4/27/2008 6:14:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
E:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 04/28/2008 06:07 AM 229376 E:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
Debugger=E:\WINDOWS\system32\Notepad2.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd38170a-1951-11dd-b5a7-001c26dceeb7}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register



-- End of Deckard's System Scanner: finished at 2008-06-18 23:34:41 ------------

#4 RenatoMejias

  • Malware Response Team

Posted 22 June 2008 - 11:25 AM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\system32\avgrsstx.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
Renato Victor Mejias
Malware help in Portuguese

#5 James1234567

  • Topic Starter

Posted 22 June 2008 - 11:36 AM

I looked in the C: drive, which is my recovery drive, and that .dll wasn't there. I went to the E: drive, where Windows is located, and found it. No viruses to display. Here are the results:

Thanks,

James

File: avgrsstx.dll
Status:
OK
MD5: 90f2f844ed4177e772054b8ad55935ab
Packers detected:
-
Scanner results
Scan taken on 22 Jun 2008 16:32:27 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

#6 RenatoMejias

  • Malware Response Team

Posted 24 June 2008 - 07:27 PM

Hi,

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Follow these instructions:

Copy (Ctrl+C)
and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixReg.reg. Please save it on your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]

Double click FixReg.reg and click "Ok".

Next step,

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in Portuguese
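As an added example, not part of the thread or of any tool it mentions: a small Python script that parses the Registry Dump section of a Deckard's System Scanner log like the one posted above, flags the entries a reviewer checks first (an Image File Execution Options Debugger value, AppInit_DLLs, and Run values with an empty command), and emits the same REGEDIT4 "[-KEY]" deletion stanza the helper used for the notepad.exe key. The sample dump is constructed from lines in the thread; the function and class names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: three sections copied from the thread's Deckard's
# System Scanner "Registry Dump" (paths and values exactly as posted).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="E:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM]
"RegistryMechanic"="" []
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/27/2008 07:01 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
Debugger=E:\WINDOWS\system32\Notepad2.exe
"""


@dataclass
class Finding:
    kind: str     # short tag used for filtering
    key: str      # registry key the line came from
    detail: str   # the raw dump line
    note: str     # why a reviewer should look at it


def parse_sections(dump: str) -> dict[str, list[str]]:
    """Map each bracketed registry key to the non-empty lines beneath it."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(sections: dict[str, list[str]]) -> list[Finding]:
    """Flag the persistence locations a reviewer checks first in this kind of log."""
    findings: list[Finding] = []
    for key, lines in sections.items():
        lk = key.lower()
        if "\\image file execution options\\" in lk:
            target = key.rsplit("\\", 1)[-1]
            for line in lines:
                if line.lower().startswith("debugger="):
                    findings.append(Finding(
                        "ifeo_debugger", key, line,
                        f"every launch of {target} is redirected to the Debugger value "
                        "(used legitimately by editor replacements such as Notepad2, "
                        "but also a classic hijack point)"))
        elif lk.endswith("\\currentversion\\windows"):
            for line in lines:
                name, _, value = line.partition("=")
                if name.strip('"').lower() == "appinit_dlls" and value:
                    findings.append(Finding(
                        "appinit_dlls", key, line,
                        "DLLs loaded into every process that loads user32.dll: "
                        + ", ".join(d.strip() for d in value.split(","))))
        elif lk.endswith("\\currentversion\\run") or lk.endswith("\\currentversion\\runonce"):
            for line in lines:
                name, _, value = line.partition("=")
                if value.strip().startswith('""'):
                    findings.append(Finding(
                        "empty_run_value", key, line,
                        f"startup entry {name} has no command (orphaned or stripped by a cleaner)"))
    return findings


def removal_reg(keys: list[str]) -> str:
    """Build a REGEDIT4 script that deletes whole keys, the '[-KEY]' form used in the thread."""
    return "REGEDIT4\n\n" + "\n\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    found = triage(parse_sections(SAMPLE_DUMP))
    for f in found:
        print(f"{f.kind:16} {f.detail}\n    {f.note}")
    # Same key deletion the helper asked for, generated from the finding.
    print(removal_reg([f.key for f in found if f.kind == "ifeo_debugger"]))
```

Registry key names are case-insensitive, so the lowercased key as dumped by the scanner deletes the same key as the mixed-case one in the helper's FixReg.reg.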

#7 James1234567

  • Topic Starter

Posted 24 June 2008 - 10:16 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 25, 2008 02:06:06
Records in database: 881648
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 122736
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:56:20

No malware has been detected. The scan area is clean.

The selected area was scanned.

#8 RenatoMejias

  • Malware Response Team

Posted 25 June 2008 - 08:22 PM

Your log is clean! Great job!

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and enable system restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with the instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do these eight steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Step 3: Use an AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online and stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

Step 4: Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Step 5: Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Step 6: Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Step 7: Install an Anti Spyware software
It is very important to be safe. Look at this list and choose one to install:

Virus, Spyware, and Malware Protection and Removal Resources

Step 8: Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum.

Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Renato Victor Mejias
Malware help in Portuguese

#9 RenatoMejias

  • Malware Response Team

Posted 09 July 2008 - 09:25 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Renato Victor Mejias
Malware help in Portuguese
