
I Got This Spyware In My Pc, Help...


  • This topic is locked
2 replies to this topic

#1 jack0987654


Posted 26 May 2008 - 10:25 PM

My ZoneAlarm spyware found this spyware ("Win32.Trojan.Spy.Agent.kb" HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005 ) in my PC. I deleted it many times but it always comes back whenever I restart my PC. I googled a little bit; some people thought it's a "false positive." How can I tell? If not, what kind of spyware is this and how can I remove it?
Please help and thanks. :-)

Deckard's System Scanner v20071014.68
Run by Mark Chen on 2008-05-26 19:08:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2008-05-27 02:08:48 UTC - RP722 - Deckard's System Scanner Restore Point
59: 2008-05-26 18:55:53 UTC - RP721 - System Checkpoint
58: 2008-05-25 01:59:45 UTC - RP720 - System Checkpoint
57: 2008-05-23 20:19:25 UTC - RP719 - System Checkpoint
56: 2008-05-22 05:14:51 UTC - RP718 - Removed NBC Direct Beta


-- First Restore Point --
1: 2008-03-08 20:09:44 UTC - RP663 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.1 GiB (less than 15%) free.


-- HijackThis (run as Mark Chen.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:25 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mark Chen\Local Settings\Temporary Internet Files\Content.IE5\6LCUEDT1\dss[1].exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mark Chen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://xtend.optionsxpress.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...coupe_load.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/235bb7c1bf7255...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158894231937
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10199 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AsfAlrt - c:\windows\system32\drivers\asfalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ZSMC301b (VIMICRO USB PC Camera 301x) - c:\windows\system32\drivers\usbvm31b.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 and ASF 2.0 Compatible>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-26 18:29:03 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 19:05:25 0 d-------- C:\Program Files\Trend Micro
2008-05-02 22:06:57 0 d-------- C:\Documents and Settings\Mark Chen\Application Data\.maltego


-- Find3M Report ---------------------------------------------------------------

2008-05-26 10:12:58 0 d-------- C:\Documents and Settings\Mark Chen\Application Data\uTorrent
2008-05-25 12:53:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-12 22:30:34 0 d-------- C:\Program Files\download
2008-05-07 14:15:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 22:36:35 0 d-------- C:\Program Files\Java
2008-05-01 00:32:35 0 d-------- C:\Documents and Settings\Mark Chen\Application Data\MailFrontier
2008-04-29 12:17:26 0 d-------- C:\Program Files\PeerGuardian2
2008-04-29 01:48:34 0 d--h----- C:\Program Files\BitComet
2008-03-29 21:00:18 0 d-------- C:\Program Files\uTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 12:28 PM]
"POINTER"="point32.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [08/11/2006 09:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM C:\WINDOWS\system32\nwiz.exe]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [04/24/2002 06:37 PM]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [08/27/2004 07:22 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [08/11/2006 09:43 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2007 12:09 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [02/28/2007 11:06 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"srePostpone"=rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [9/6/2007 5:37:44 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f50c0e-e8ce-11dc-8859-000bdb50f354}]
AutoRun\command- 1.exe 0o
explore\Command- 1.exe 0e
open\Command- 1.exe 0o




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

7885 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-26 19:13:54 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.26GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1022.98 MiB / 393.1 MiB
Pagefile Memory (total/avail): 2462.73 MiB / 1836.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.05 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.71 GiB total, 4.1 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (CDFS)
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.71 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Security Suite Firewall v7.0.470.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.470.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Disabled:DarkCrusade"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\eREAD6.0\\eREAD6.0\\eREAD_Cookcase.exe"="C:\\Program Files\\eREAD6.0\\eREAD6.0\\eREAD_Cookcase.exe:*:Disabled:eREAD 6.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Team Fortress 2\\hl2.exe"="C:\\Program Files\\Team Fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mark Chen\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARK-D0JAN3WS2H
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mark Chen
LOGONSERVER=\\MARK-D0JAN3WS2H
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARKCH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MARKCH~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MARK-D0JAN3WS2H
USERNAME=Mark Chen
USERPROFILE=C:\Documents and Settings\Mark Chen
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mark Chen (admin)
Administrator (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\5ac697db6c6103f6f8b5198d25f73f7\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content --> C:\Program Files\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{0CEC06EF-5052-4CE8-8256-74AE363A4238}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}
Adobe Setup --> MsiExec.exe /I{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AV Voice Changer Software DIAMOND 5.0 --> C:\PROGRA~1\AVVCS5~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS5~1.0DI\INSTALL.LOG
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2006-05-01 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
ComcastSUPPORT --> "C:\Program Files\support.com\bin\tgfix.exe" /rm /nq
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Easy Video Splitter 1.28 --> "C:\Program Files\Easy Video Splitter\unins001.exe"
eyeQ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B33CD700-6738-11D4-87FE-0080C6F974A2}\setup.exe" -l0x9 -uninst
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
Intel ® Pro Alerting Agent --> MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Lexmark 810 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBSUNST.EXE -NOLICENSE
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v4.9 (build 0144) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Mark Chen\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.68 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MPEGTool --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MPEGTool\DeIsL1.isu" -c"C:\Program Files\MPEGTool\_ISREG32.DLL"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
OpenCASE Media Agent --> MsiExec.exe /I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
Ulead Photo Explorer 8.5 Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\Setup.exe" -l0x9
Undisker --> C:\WINDOWS\UnGins.exe "C:\Program Files\Undisker\install.log"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodei Multimedia Processor 1.09 --> C:\Program Files\Vodei\uninst.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type306 / Error
Event Submitted/Written: 05/26/2008 10:28:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type227 / Error
Event Submitted/Written: 05/21/2008 11:20:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x03dfcc80.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type226 / Error
Event Submitted/Written: 05/21/2008 08:37:08 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type220 / Error
Event Submitted/Written: 05/20/2008 08:34:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type219 / Error
Event Submitted/Written: 05/20/2008 08:34:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27952 / Error
Event Submitted/Written: 05/25/2008 07:24:45 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type27942 / Warning
Event Submitted/Written: 05/25/2008 05:51:19 PM
Event ID/Source: 27 / E1000
Event Description:
Intel® PRO/1000 MT Network Connection
Link has been disconnected.

Event Record #/Type27937 / Warning
Event Submitted/Written: 05/25/2008 03:33:11 PM
Event ID/Source: 27 / E1000
Event Description:
Intel® PRO/1000 MT Network Connection
Link has been disconnected.

Event Record #/Type27936 / Warning
Event Submitted/Written: 05/25/2008 03:11:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type27935 / Warning
Event Submitted/Written: 05/25/2008 02:16:36 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-26 19:13:54 ------------

Directories/Files moved to C:\Deckard\System Scanner\backup


-*- End of Logfile -*-

Edited by jack0987654, 26 May 2008 - 10:26 PM.




#2 ken545

    Malware Response Team



Posted 27 June 2008 - 07:30 AM

Hello jack0987654

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.


Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts; by default it will install to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  • Open HJT, choose Scan and Save a Log File; the log will open in Notepad
  • Go to Format and make sure Word Wrap is unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply; do not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Just a reminder that threads will be closed if no response in 3 days


#3 ken545

    Malware Response Team



Posted 07 July 2008 - 03:51 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
