Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybosspro Keeps Coming Back


  • This topic is locked This topic is locked
2 replies to this topic

#1 mmichaelsen

mmichaelsen

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 21 May 2008 - 07:36 AM

Spybosspro is being detected and removed by "Spybot - search and destroy" and also Ad-Aware, but after a few days it's on my pc again.

Here's my DSS log

Deckard's System Scanner v20071014.68
Run by Mike on 2008-05-21 08:17:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-05-21 12:17:43 UTC - RP286 - Deckard's System Scanner Restore Point
25: 2008-05-21 11:50:58 UTC - RP285 - System Checkpoint
24: 2008-05-20 05:23:44 UTC - RP284 - System Checkpoint
23: 2008-05-19 04:24:49 UTC - RP283 - System Checkpoint
22: 2008-05-18 04:23:44 UTC - RP282 - System Checkpoint


-- First Restore Point --
1: 2008-04-26 02:21:14 UTC - RP261 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:52 AM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Easy Blogger Creator Pro\EBCServPro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\VIP Quality Software\VIP Simple To Do List\VIP Simple To Do List.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\dss.exe
C:\DOCUME~1\Mike\Desktop\Mike.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy Blogger Creator Pro] C:\Program Files\Easy Blogger Creator Pro\EBCServPro.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\system32\Sys\iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VIP Simple To Do List] C:\Program Files\VIP Quality Software\VIP Simple To Do List\VIP Simple To Do List.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178229448140
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8622 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 APLMp50 (APLMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\aplmp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 UfasoftSnifDriver4 (Ufasoft Snif Driver v4) - c:\program files\ufasoft\sniffer\usft_sn4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-20 21:05:08 0 d-------- C:\WINDOWS\Replay Media Catcher
2008-05-20 20:53:54 0 d-------- C:\hidownload
2008-05-20 20:52:34 0 d-------- C:\Program Files\StreamingStar
2008-05-05 18:30:04 2 --a------ C:\WINDOWS\system32\krx240.dat
2008-05-05 18:29:46 0 d-------- C:\Program Files\Web Button Maker Deluxe
2008-04-25 22:36:28 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-21 06:39:53 0 d-------- C:\Program Files\Color Pilot
2008-04-21 06:27:52 0 d-------- C:\Program Files\Invention Pilot


-- Find3M Report ---------------------------------------------------------------

2008-05-21 07:52:04 0 d-------- C:\Documents and Settings\Mike\Application Data\Vidalia
2008-05-21 07:51:17 0 d-------- C:\Documents and Settings\Mike\Application Data\tor
2008-05-21 07:16:57 0 d-------- C:\Program Files\Easy Blogger Creator Pro
2008-05-20 21:41:23 0 d-------- C:\Program Files\Notepad++
2008-05-20 21:06:28 0 d-------- C:\Program Files\Replay Media Catcher
2008-05-20 20:59:19 0 d-------- C:\Program Files\WMR11
2008-05-20 18:53:20 0 d-------- C:\Documents and Settings\Mike\Application Data\Mozilla
2008-05-20 10:16:12 0 d-------- C:\Program Files\Windows Grep
2008-05-19 13:37:44 0 d-------- C:\Program Files\filesub-replace
2008-05-19 11:10:20 0 d-------- C:\Program Files\Random Word Generator
2008-05-18 11:31:17 0 d-------- C:\Program Files\Common Files
2008-05-18 11:31:11 0 d-------- C:\Program Files\Common Files\System-G
2008-05-17 06:37:33 0 d-------- C:\Program Files\Expired Domain Name Suite Full
2008-05-01 15:57:55 0 d-------- C:\Program Files\The Logo Creator v5
2008-04-23 10:34:12 0 d-------- C:\Documents and Settings\Mike\Application Data\Adobe
2008-04-21 19:57:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-21 06:26:03 0 d-------- C:\Documents and Settings\Mike\Application Data\AVG7
2008-04-17 11:46:14 0 d-------- C:\Program Files\A.F.5 Rename your files 1.1
2008-04-17 11:45:57 0 d-------- C:\Program Files\SEO Elite 4
2008-04-17 11:45:57 0 d-------- C:\Program Files\Replay AV 8
2008-04-17 11:36:18 0 d-------- C:\Program Files\Evidence Eliminator
2008-04-16 12:04:52 0 d-------- C:\Program Files\Windows XP Home-Pro-2003 SP2 Crack
2008-04-16 09:20:03 0 d-------- C:\Program Files\Lavasoft
2008-04-16 09:19:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 12:26:50 0 d-------- C:\Program Files\GPLGS
2008-04-15 12:26:13 0 d-------- C:\Program Files\Acro Software
2008-04-03 09:48:51 0 d-------- C:\Program Files\Exif Farm
2008-04-03 09:21:06 0 d-------- C:\Program Files\Slideroll
2008-04-03 09:20:56 0 d-------- C:\Program Files\idotz
2008-04-03 09:20:02 0 d-------- C:\Program Files\Teleport Pro
2008-04-03 08:55:13 0 d-------- C:\Program Files\Bonjour
2008-04-03 07:11:38 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-03 07:11:22 0 d-------- C:\Program Files\BitComet
2008-04-02 19:25:18 0 d-------- C:\Program Files\IMMonitor
2008-04-02 19:25:02 0 d-------- C:\Program Files\Ashkon Software
2008-03-27 14:53:24 0 d-------- C:\Program Files\Advanced Find and Replace 3
2008-03-08 09:00:05 12247247 -----n--- C:\avg7qt.dat
2008-03-06 12:46:46 34 --a------ C:\WINDOWS\system32\BD2040.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/18/2008 06:26 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Easy Blogger Creator Pro"="C:\Program Files\Easy Blogger Creator Pro\EBCServPro.exe" [04/16/2007 04:28 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/14/2004 05:18 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/14/2004 05:18 PM]
"SoundMan"="SOUNDMAN.EXE" [11/17/2006 05:42 AM C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iexplore"="C:\WINDOWS\system32\Sys\iexplore.exe" []
"AIM Sniffer"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 04:14 PM]
"VIP Simple To Do List"="C:\Program Files\VIP Quality Software\VIP Simple To Do List\VIP Simple To Do List.exe" [10/24/2006 12:24 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:56 PM]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [11/22/2007 05:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/2006 10:30:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-05-21 08:20:50 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.48 MiB / 1511.64 MiB
Pagefile Memory (total/avail): 3943.52 MiB / 3510.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 226.39 GiB free.
D: is Fixed (NTFS) - 111.78 GiB total, 44.19 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)

\\.\PHYSICALDRIVE1 - ST3120026A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - D:

\\.\PHYSICALDRIVE0 - ST3320620A - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE2 - SM Media -Shuttle USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Disabled:Apache HTTP Server"
"C:\\Program Files\\Octoshape Streaming Services\\Mike\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Mike\\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe:*:Disabled:FTP Transfer Engine"
"C:\\Program Files\\Proxy Checker\\PCv7.exe"="C:\\Program Files\\Proxy Checker\\PCv7.exe:*:Enabled:Proxy Checker v7.4"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mike\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKES-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mike
LOGONSERVER=\\MIKES-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mike\LOCALS~1\Temp
USERDOMAIN=MIKES-PC
USERNAME=Mike
USERPROFILE=C:\Documents and Settings\Mike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mike (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4W WebMerge --> C:\PROGRA~1\4WWEBM~1\UNWISE.EXE C:\PROGRA~1\4WWEBM~1\INSTALL.LOG
Able2Extract v4.0 --> C:\Program Files\Investintech.com Inc\Able2Extract 4.0\Uninstal.exe
Ad-Aware 2008 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced Find and Replace v3.0 --> "C:\Program Files\Advanced Find and Replace 3\unins000.exe"
afreeCodecVT --> "C:\WINDOWS\afreeCodecVT\uninstall.exe" "/U:C:\Program Files\afreeCodecVT\Uninstall\uninstall.xml"
All Day Sucker --> MsiExec.exe /I{5EB6FAD7-0F06-4126-9B1A-948DA7CE87DD}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASAP Utilities --> "C:\Program Files\ASAP Utilities\unins000.exe"
Atrex --> C:\Program Files\Atrex\Uninst_Atrex.exe /U "C:\Program Files\Atrex\Uninst_Atrex.log"
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AutoHotkey 1.0.47.01 --> C:\Program Files\AutoHotkey\uninst.exe
AutoIT-Recorder --> MsiExec.exe /I{6D580F34-B267-4914-816D-AF0AF362CA6D}
AutoIt v3.2.4.9 --> C:\Program Files\AutoIt3\Uninstall.exe
AutoRun Wizard --> MsiExec.exe /I{5E432A97-6F3C-4D6A-B0B6-50E9F44805BA}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI/MPEG/ASF/WMV Splitter 3.22 --> "C:\Program Files\AVI MPEG ASF WMV Splitter\unins000.exe"
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Color Pilot 4.62 --> "C:\Program Files\Color Pilot\unins000.exe"
Color Pilot Plug-in 2.42 --> C:\Program Files\Invention Pilot\Color Pilot Plug-in\Setup.exe \q
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CuteFTP 7 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Blogger Creator Pro --> MsiExec.exe /I{E6B6C2DA-20F1-45D7-86A1-48E2718AD64C}
Easy File Joiner --> "C:\Program Files\Ashkon Software\Easy File Joiner\unins000.exe"
Emulator Images for Windows Mobile 5.0 with MSFP --> MsiExec.exe /X{907A5FE4-2A3B-4BAA-B992-C07F06C32EF9}
Evidence Eliminator --> C:\PROGRA~1\EVIDEN~1\UNWISE.EXE C:\PROGRA~1\EVIDEN~1\INSTALL.LOG
Expired Domain Name Suite Full --> MsiExec.exe /I{DB208B89-EAAA-4B17-82C8-CA4A794911D3}
Extract Data & Text From Multiple Files Software 7.0 --> "C:\Program Files\Extract Data & Text From Multiple Files Software\unins000.exe"
Extract or Remove Text Between Any Two Fields (Tags) Software 7 --> "C:\Program Files\Extract or Remove Text Between Any Two Fields (Tags) Software\unins000.exe"
Forum Poster 2.7 --> "C:\Program Files\Forum Poster 2\unins000.exe"
Gammadyne Spell Checking Module --> C:\Program Files\Common Files\System-G\Speller\Uninstall\Uninstall.EXE /u:"Gammadyne Spell Checking Module"
GAPI for HPCs --> C:\Program Files\Microsoft ActiveSync\GAPI for HPCs\Uninstall.exe GAPI for HPCs
GlitterText Maker 1.0 --> "C:\Program Files\GlitterText Maker\unins000.exe"
Google AdWords Editor --> MsiExec.exe /I{E7237B6D-E484-43F7-870E-BCE060FC01E2}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HiDownload --> "C:\Program Files\StreamingStar\HiDownload\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Mike\Desktop\Downloads\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.7.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Links Extractor 1.2 --> "C:\Program Files\Links Extractor 1.2\uninstall.exe"
LLC Maker --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\LLC Maker\ST6UNST.LOG"
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McFunSoft DVD Creator Trial Version (English) 7.0 --> "C:\Program Files\McFunSoft DVD Creator\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{69880C00-08DD-4385-B752-9C62656F6D1E}
Microsoft SQL Server 2005 Express Edition (PROVIDUSSTD) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MWSnap 3 --> "C:\Program Files\MWSnap\uninstall.exe"
Navman SmartST Desktop 2005 for iCN500 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17C4BEEA-D6E8-4975-B2CC-53F6F5CE9959}\expand.exe" -l0x9
Nero 7 Ultra Edition --> MsiExec.exe /I{9FB8CAC0-CCF6-47C9-8EDE-3AC69FD61033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Mike\uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Random Word Generator --> C:\Program Files\Random Word Generator\Uninstall.EXE /u:"Random Word Generator"
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Replay Media Catcher --> "C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Search and Replace --> C:\Tools\SR\UNWISE.EXE C:\Tools\SR\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
The Logo Creator v5 --> C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
TheDowser Professional v5.9.0 --> "C:\Program Files\TheDowser Professional 590\unins000.exe"
TMPGEnc Plus 2.5 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}
Tor 0.1.2.19 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
UnZixWin Extractor --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\UnZixWin\ST6UNST.LOG"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Url Extractor Ver 1.0 --> "C:\Program Files\Url Extractor\unins000.exe"
Vidalia 0.0.16 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
VIP Simple To Do List --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{666AD9A0-B20B-4C48-9AFE-D6039B52C13D}\setup.exe" -l0x9 -removeonly
Virtual Machine Network Services Driver --> MsiExec.exe /I{A1795AC0-9B6A-40D9-8E07-A82662268D9F}
vSearchVooDoo --> MsiExec.exe /I{69DF574C-8CF5-44DD-8250-049DED3EA920}
Web Button Maker Deluxe --> C:\Program Files\Web Button Maker Deluxe\uninstall.exe
Web Data Extractor 6.1 --> "C:\Program Files\Web Data Extractor 6.1\unins000.exe"
Web Dumper 2.3.6 --> "C:\Program Files\Web Dumper\unins000.exe"
Web Scraper Plus+ Web Spider Edition --> C:\Program Files\InstallShield Installation Information\{740A4B66-2185-403E-933A-85239C3898FA}\setup.exe -runfromtemp -l0x0409
WebGraphics Optimizer 4.2 --> C:\PROGRA~1\WEBGRA~1.2\UNWISE.EXE C:\PROGRA~1\WEBGRA~1.2\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Grep 2.3 --> "C:\Program Files\Windows Grep\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinHTTrack Website Copier 3.41-2 --> "C:\Program Files\WinHTTrack\unins000.exe"
WinPcap 3.1 beta3 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WM Recorder 11.2 --> C:\Program Files\WMR11\Uninstal.exe
WM Recorder 12.0 --> C:\Program Files\WMR11\Uninstal.exe
WordPress Article Uploader 1.0 --> "C:\Program Files\WPArticleUpload\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XSite Pro --> C:\WINDOWS\XSite Pro Uninstaller.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5255 / Warning
Event Submitted/Written: 05/21/2008 07:16:07 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance PROVIDUSSTD is not valid.

Event Record #/Type5249 / Error
Event Submitted/Written: 05/20/2008 09:06:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x5e3119f0.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type5247 / Warning
Event Submitted/Written: 05/17/2008 06:37:30 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DB208B89-EAAA-4B17-82C8-CA4A794911D3}', feature '_MainFeature' failed during request for component '{397D101B-A762-11D2-B97E-006097C4DE24}'

Event Record #/Type5246 / Warning
Event Submitted/Written: 05/17/2008 06:37:30 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{DB208B89-EAAA-4B17-82C8-CA4A794911D3}', feature '_MainFeature', component '{4F5F8457-CDE3-42F1-BA07-157FCE04F028}' failed. The resource 'C:\WINDOWS\system32\Memman.vxd' does not exist.

Event Record #/Type5244 / Warning
Event Submitted/Written: 05/16/2008 05:17:51 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DB208B89-EAAA-4B17-82C8-CA4A794911D3}', feature '_MainFeature' failed during request for component '{397D101B-A762-11D2-B97E-006097C4DE24}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3506 / Warning
Event Submitted/Written: 05/13/2008 07:59:21 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3448 / Warning
Event Submitted/Written: 05/12/2008 01:41:39 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3418 / Warning
Event Submitted/Written: 05/11/2008 05:06:12 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3340 / Warning
Event Submitted/Written: 05/01/2008 01:25:18 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3291 / Error
Event Submitted/Written: 04/25/2008 10:20:12 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC0000368' while processing the file '2.0.0.0__b03f5f7f11d50a3a' on the volume 'Hardd .. lume2'. It has stopped monitoring the volume.



-- End of Deckard's System Scanner: finished at 2008-05-21 08:20:50 ------------



Please help...

Regards
Mike

<edit> I guess I should add that my pc operates like normal. It's only because of my malware scans I am aware about it. </edit>

<more edit> Now it's showing up as smartPCKeylogger in Search & Destroy. It's still the same file and registry info it comes up with:

SmartPCKeylogger: [SBI $52088A00] Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\Memman.vxd

</more edit>

Edited by mmichaelsen, 21 May 2008 - 04:33 PM.


BC AdBot (Login to Remove)

 


#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:18 PM

Posted 19 June 2008 - 01:55 PM

Hello, and welcome to the forum :thumbsup:

I'm sorry for the delay, the forums are very busy. If you still need help, please post a new Deckard's System Scanner log and give a description of how your computer is currently running.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:18 PM

Posted 23 June 2008 - 05:33 PM

Due to inactivity this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users