
Mysterious Tr/downloader.gen That Infects \system Volume Information\



#1 touchring


Posted 05 June 2008 - 04:05 AM

My PC is infected by a mysterious TR/Downloader.Gen, which my personal Avira detects in 'D:\System Volume Information\' and which is quarantined, but it comes back again after a while.

I suspect the virus is hiding somewhere else, but each time after I caught the virus in D:\System Volume Information\, I scanned the entire PC with Avira, and Avira reported that no virus was found.

Each time the virus is found, it's reported by Avira's real-time detector, e.g.

Virus or unwanted program 'TR/Downloader.Gen [trojan]'
detected in file 'D:\System Volume Information\_restore{71FD76BF-5E13-40E4-B982-28271382B7DA}\RP772\A0157970.dll.
Action performed: Move file to quarantine


Hope someone can help take a look, and please let me know if I missed out any information. Thanks. :thumbsup:

I've attached the DSS main.txt and extra.txt logs as follows:


Main.txt:

Deckard's System Scanner v20071014.68
Run by joshua on 2008-06-05 17:00:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).


-- HijackThis (run as joshua.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:13 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Akonix\L7 Builder\tomcat\bin\tomcat5.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
c:\vgsmweb\apache\Apache.exe
C:\Program Files\Visualtron Software Corporation\VisualGSM\visualgsmwatcher.exe
c:\vgsmweb\apache\Apache.exe
c:\smpp\SMPPReceiver.exe
c:\smpp\smppwatcher.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\NetDecision\Bin\ServiceManager.exe
C:\Program Files\NetDecision\Bin\TrafficGrapherServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Visualtron Software Corporation\VisualGSM-SNMP2SMS\SnmpWatcher.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Breit Technologies\BT Reminder Buddy\BTReminderBuddy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Psi\psi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Visualtron Software Corporation\VisualGSM-Email2SMS\Email2SMSService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\Program Files\Visualtron Software Corporation\VisualGSM\visualgsmserver.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\antivir personaledition classic\avcenter.exe
C:\Documents and Settings\joshua\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\joshua.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by101w.bay101.mail.live.com/mail/In...mp;n=1317943194
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BTReminderBuddyStartUp] C:\Program Files\Breit Technologies\BT Reminder Buddy\BTReminderBuddy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Psi.lnk = C:\Program Files\Psi\psi.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161765184585
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {ECCBA953-80E5-11D3-9285-0080ADB811C5} (safeInput Class) - https://pbank.95559.com.cn/netpay/ocx/safe.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24EA3B8C-E438-42B3-90D0-6B09D95C5FF6}: NameServer = 192.168.0.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Akonix L7 Builder Tomcat Service (AkonixL7BuilderTomcatService) - Apache Software Foundation - C:\Program Files\Akonix\L7 Builder\tomcat\bin\tomcat5.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: apachevgsm - Unknown owner - c:\vgsmweb\apache\Apache.exe
O23 - Service: VisualGSMWatcher (dmmain) - Unknown owner - C:\Program Files\Visualtron Software Corporation\VisualGSM\visualgsmwatcher.exe
O23 - Service: VisualGSM_Email2SMS (Email2SMS) - Unknown owner - C:\Program Files\Visualtron Software Corporation\VisualGSM-Email2SMS\Email2SMSService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MNSOCKET SMPP Service - www.mnsocket.com - c:\smpp\SMPPReceiver.exe
O23 - Service: MNSOCKET SMPP Watcher - Unknown owner - c:\smpp\smppwatcher.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NetDecision Service Manager (ND_ServiceManager) - Unknown owner - C:\Program Files\NetDecision\Bin\ServiceManager.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: screen-scraper - Unknown owner - C:\Program Files\screen-scraper professional edition\wrapper.exe (file missing)
O23 - Service: VisualGSM_SNMP2SMS (SnmpWatcherService) - Unknown owner - C:\Program Files\Visualtron Software Corporation\VisualGSM-SNMP2SMS\SnmpWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VisualGSM (visualgsm) - Unknown owner - C:\Program Files\Visualtron Software Corporation\VisualGSM\visualgsmserver.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - d:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14142 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 12:31:13 0 d-------- C:\Program Files\Trend Micro
2008-06-05 02:32:14 0 d-------- C:\Program Files\MagicDVDRipper
2008-06-03 17:19:24 2076672 --a------ C:\WINDOWS\system32\libmySQL.dll
2008-06-03 00:35:18 0 d-------- C:\vgsmweb
2008-05-21 00:06:32 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-05-20 20:50:02 202240 --a------ C:\pduspy.exe
2008-05-16 01:46:48 0 d-------- C:\Program Files\RTC Client API v1.3 SDK
2008-05-15 13:18:38 11024 --a------ C:\SNMPUTIL.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-05-15 00:27:38 0 d-------- C:\Program Files\Simple Failover
2008-05-14 12:30:13 0 d-------- C:\Documents and Settings\joshua\Application Data\TuneUp Software
2008-05-14 12:29:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-14 12:29:34 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-12 23:16:07 0 d-------- C:\Program Files\Akonix
2008-05-12 10:58:33 0 d-------- C:\Documents and Settings\joshua\Application Data\Opera
2008-05-12 10:58:17 0 d-------- C:\Program Files\Opera
2008-05-11 02:50:21 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-09 20:18:00 0 d-------- C:\VisualGSM
2008-05-09 19:56:52 6928 --a------ C:\WINDOWS\system32\w3svapi.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:52 15632 --a------ C:\WINDOWS\system32\w3ctrs.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:50 9488 --a------ C:\WINDOWS\system32\aspperf.dll <Not Verified; Microsoft Corporation; Active Server Pages>
2008-05-09 19:56:46 6416 --a------ C:\WINDOWS\system32\iisrstap.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:46 14608 --a------ C:\WINDOWS\system32\iisreset.exe <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:46 6928 --a------ C:\WINDOWS\system32\ftpsapi2.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:44 7440 --a------ C:\WINDOWS\system32\wamregps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-09 19:56:43 20752 --a------ C:\WINDOWS\system32\inetsloc.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:43 57616 --a------ C:\WINDOWS\system32\iismap.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:43 42768 --a------ C:\WINDOWS\system32\iisext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-09 19:56:42 14096 --a------ C:\WINDOWS\system32\exstrace.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:42 244496 --a------ C:\WINDOWS\system32\adsiis.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-09 19:56:37 8464 --a------ C:\WINDOWS\system32\staxmem.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:37 9488 --a------ C:\WINDOWS\system32\infoctrs.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 19:56:36 67856 --a------ C:\WINDOWS\system32\convlog.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-09 19:56:36 6928 --a------ C:\WINDOWS\system32\admxprox.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 18:42:05 12560 --a------ C:\WINDOWS\system32\infoadmn.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 18:42:03 123664 --a------ C:\WINDOWS\system32\iisRtl.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 18:42:03 32528 --a------ C:\WINDOWS\system32\admwprox.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-05-09 01:07:53 0 d-------- C:\Program Files\NetDecision
2008-05-07 11:49:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SNMPWatcher


-- Find3M Report ---------------------------------------------------------------

2008-07-31 13:23:30 154 --a------ C:\clearlog.bat
2008-06-05 16:15:41 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-05 15:17:34 0 d-------- C:\Documents and Settings\joshua\Application Data\SogouPY
2008-06-05 10:58:32 0 d-------- C:\Documents and Settings\joshua\Application Data\CoreFTP
2008-06-03 21:21:05 63 --a------ C:\WINDOWS\system32\csend.dat
2008-06-03 01:32:47 0 d-------- C:\Program Files\MySQL
2008-05-16 01:56:28 0 d-------- C:\Program Files\Microsoft Office Live Communications Server Role Agent
2008-05-14 12:27:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 23:16:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 21:17:24 0 d-------- C:\Program Files\eclipse
2008-05-08 13:28:11 0 d-------- C:\Program Files\Visualtron Software Corporation
2008-05-07 01:53:05 0 d-------- C:\Program Files\ASProtect 1.35 Release
2008-05-06 03:58:35 0 d-------- C:\Program Files\SogouInput
2008-05-05 22:16:53 0 d-------- C:\Program Files\WebLog Expert Lite
2008-05-03 21:37:40 0 d-------- C:\Program Files\FastReports
2008-04-30 01:22:01 0 d-------- C:\Program Files\NSIS
2008-04-29 13:58:30 0 d-------- C:\Program Files\TntWare
2008-04-29 13:05:26 0 d-------- C:\Program Files\Bricksoft IM VCL Component
2008-04-29 03:36:13 0 d-------- C:\Program Files\ActiveDBSoft
2008-04-28 22:32:56 0 d-------- C:\Program Files\ireasoning
2008-04-28 02:20:39 0 d-------- C:\Documents and Settings\joshua\Application Data\acccore
2008-04-28 02:01:03 0 d-------- C:\Program Files\AIM6
2008-04-28 02:00:40 0 d-------- C:\Program Files\Viewpoint
2008-04-28 01:59:33 0 d-------- C:\Program Files\Common Files\AOL
2008-04-28 01:59:32 0 d-------- C:\Program Files\Common Files
2008-04-28 01:46:52 0 d-------- C:\Documents and Settings\joshua\Application Data\Yahoo!
2008-04-28 01:36:49 0 d-------- C:\Program Files\Yahoo!
2008-04-26 18:12:16 2528 --a------ C:\Documents and Settings\joshua\Application Data\$_hpcst$.hpc
2008-04-26 18:10:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-26 18:09:18 0 d-------- C:\Program Files\Windows Mobile Device Handbook
2008-04-23 15:44:20 0 d-------- C:\Program Files\Messenger
2008-04-23 13:21:36 0 d-------- C:\Program Files\Google
2008-04-23 03:16:48 0 d-------- C:\Program Files\IM SDK
2008-04-20 14:46:28 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-15 03:51:29 0 d-------- C:\Program Files\Psi
2008-04-11 19:27:20 0 d-------- C:\Program Files\Nsasoft
2008-04-10 21:07:59 0 d-------- C:\Program Files\PHP
2008-04-10 20:08:42 0 d-------- C:\Program Files\WeOnlyDo.Com
2008-04-10 19:55:56 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 17:45:50 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-05 18:24:50 0 d-------- C:\Documents and Settings\joshua\Application Data\Adobe
2008-03-19 10:43:04 2790 --a------ C:\WINDOWS\system32\MUL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/04/2008 10:41 AM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [02/04/2008 10:41 AM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
"SoundMan"="SOUNDMAN.EXE" [10/04/2005 02:12 PM C:\WINDOWS\soundman.exe]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [01/17/2006 09:26 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [01/17/2006 09:26 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 PM]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [04/15/2008 10:39 AM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/09/2007 12:44 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 05:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"BTReminderBuddyStartUp"="C:\Program Files\Breit Technologies\BT Reminder Buddy\BTReminderBuddy.exe" [11/13/2005 02:13 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/26/2008 04:21 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\joshua\Start Menu\Programs\Startup\
Psi.lnk - C:\Program Files\Psi\psi.exe [10/15/2007 2:18:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
C2CMonitor.lnk - C:\Program Files\ClickToConvert\C2CMonitor.exe [9/11/2007 9:36:41 PM]
D-Link AirPlus G+ Wireless Adapter Utility.lnk - C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [10/26/2006 7:27:17 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [10/26/2006 7:21:04 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60d86ef-8e5d-11db-9e55-000f3d570a2c}]
AutoRun\command- mtlhieej.cmd
explore\Command- mtlhieej.cmd
open\Command- mtlhieej.cmd




-- End of Deckard's System Scanner: finished at 2008-06-05 17:01:10 ------------






extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.93GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 991.48 MiB / 442.83 MiB
Pagefile Memory (total/avail): 3385.6 MiB / 2858.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.37 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.37 GiB total, 17.3 GiB free.
D: is Fixed (NTFS) - 35.16 GiB total, 15.39 GiB free.
E: is CDROM (UDF)
F: is Fixed (NTFS) - 48.83 GiB total, 48.74 GiB free.
G: is Fixed (NTFS) - 100.22 GiB total, 67.15 GiB free.
H: is Removable (FAT32)
Y: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - WDC WD800JD-55MSA1 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.37 GiB - C:
\PARTITION1 - Installable File System - 35.16 GiB - D:

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 149.05 GiB - 2 partitions
\PARTITION0 - Installable File System - 48.83 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 100.22 GiB - G:

\\.\PHYSICALDRIVE2 - TOSHIBA TransMemory USB Device - 486.34 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 488.98 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="D:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:192.168.0.99/255.255.255.255:Enabled:winvnc4"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Visualtron Software Corporation\\VisualGSM\\visualgsmserver.exe"="C:\\Program Files\\Visualtron Software Corporation\\VisualGSM\\visualgsmserver.exe:*:Enabled:visualgsmserver"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MG-SOFT\\SNMP-Lab\\Bin\\MgWTrap3.exe"="C:\\Program Files\\MG-SOFT\\SNMP-Lab\\Bin\\MgWTrap3.exe:*:Enabled:MG-SOFT SNMP Trap Service (SNMP Lab)"
"C:\\WINDOWS\\system32\\snmptrap.exe"="C:\\WINDOWS\\system32\\snmptrap.exe:*:Enabled:SNMP Trap Service"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"


-- Environment Variables -------------------------------------------------------

AKONIX_BUILDER_HOME=C:\Program Files\Akonix\L7 Builder
AKONIX_STUDIO_HOME=C:\Program Files\Akonix\L7 Builder\L7 Studio
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\joshua\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSHUAPC
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=true
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\joshua
LOGONSERVER=\\JOSHUAPC
NpmLib=C:\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox\;C:\Perl\site\bin;C:\Perl\bin;C:\oraclexe\app\oracle\product\10.2.0\server\bin;C:\Inprise\vbroker\bin;C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\Borland\Delphi6\Bin;C:\PROGRA~1\Borland\Delphi6\Projects\Bpl;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Norman\Npm\Bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\joshua\LOCALS~1\Temp
TMP=C:\DOCUME~1\joshua\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=JOSHUAPC
USERNAME=joshua
USERPROFILE=C:\Documents and Settings\joshua
VBROKERDIR=C:\Inprise\vbroker
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

joshua (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\InstallShield X\Universal Installer\Uninstaller\uninstall.exe
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\SETUP.EXE" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acronis True Image --> MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Active Query Builder Demo Application --> "C:\Program Files\ActiveDBSoft\Active Query Builder Demo\unins000.exe"
ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Akonix L7 Builder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D29BFE7A-5965-4B6A-A92A-93D0E5B49E42}\setup.exe" -l0x9 -removeonly
Alarm Clock v1.0 --> "C:\Program Files\Alarm Clock\unins000.exe"
aMiner v2.1.5 --> "C:\Program Files\codesworth\aMiner\unins000.exe"
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ASProtect 1.35 Release --> "C:\Program Files\ASProtect 1.35 Release\unins000.exe"
Avira AntiVir Personal –Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Borland Delphi 6 --> MsiExec.exe /I{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}
Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Bricksoft IM VCL Component 6.0.20080428 --> "C:\Program Files\Bricksoft IM VCL Component\unins000.exe"
BT Reminder Buddy --> "C:\Program Files\Breit Technologies\BT Reminder Buddy\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Click to Convert 5.5 --> C:\PROGRA~1\CLICKT~1\UNWISE.EXE C:\PROGRA~1\CLICKT~1\INSTALL.LOG
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Core Lab dbExpress driver for MS SQL 2.50.6 --> C:\Program Files\CoreLab\DbxSda\Uninst.exe
Core Lab dbExpress driver for MySQL 3.00.1 --> C:\Program Files\CoreLab\DbxMda\Uninst.exe
D-Link AirPlus G+ Wireless Adapter Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2F67EA3-0721-4E0D-A7B9-AE8F321303AF}\Setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EMS DB Extract 2005 for SQL Server --> MsiExec.exe /X{16BD411A-2E67-41E4-ABCE-52BBB670B87C}
FastScript --> "C:\Program Files\FastReports\FastScript\Uninstall.exe" "C:\Program Files\FastReports\FastScript\install.log"
Flash Movie Player 1.5 --> C:\Program Files\Flash Movie Player\uninst.exe
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
FLV Player 2.0, build 23 --> C:\Program Files\FLV Player\uninst.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
GSiteCrawler --> C:\PROGRA~1\SOFTplus\GSITEC~1\UNWISE.EXE C:\PROGRA~1\SOFTplus\GSITEC~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll"
Indy 10 for Delphi 6 --> "C:\Program Files\Indy 10 for Delphi 6\unins000.exe"
Indy 9 for Delphi 6 --> "C:\Program Files\Indy 9 for Delphi 7\unins000.exe"
Infot Database Browser --> MsiExec.exe /X{81096B98-0094-47C3-8DC1-E02FC327C5C5}
Infot Directory Manager --> MsiExec.exe /X{667655A7-4292-4842-A449-D7DE73624A39}
InstallShield PackageForTheWeb 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B4A8B8B-5F5B-11D5-8B3C-00105A9846E9}\setup.exe" -l0x9
InstallShield X --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FABC8838-8153-480F-B084-F7ADB138EBEE}\setup.exe" -l0x9 -removeonly
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JGsoft EditPad Pro 6 DEMO 6.2.2 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\EditPadPro6\Deploy.log"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Dreamweaver UltraDev 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic DVD Ripper V5.3 build 4 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft SQL Server Desktop Engine (VISUALGSM2) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
Mozilla Thunderbird (1.5.0.14) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.14 (en-US)"
MSN Search Web Service SDK (Beta) --> MsiExec.exe /I{ECA4DF76-9601-4948-8F56-27843F147C90}
MySQL ODBC 3.51 Driver --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\MYODBC~1.LOG
MySQL Server 5.0 --> MsiExec.exe /I{608FFCC7-7237-47BB-ABD5-8341754A3BBA}
Nero 7 Essentials --> MsiExec.exe /I{233AFE94-F772-BF69-541B-907821172052}
NetDecision --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{1A360BCC-4F70-49C6-831E-01166698B877}
Nullsoft Install System --> "C:\Program Files\NSIS\uninst-nsis.exe"
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Oracle Database 10g Express Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75} /l1033
PADGen 2.0.2.30 --> "C:\Program Files\PADGen\unins000.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PDF reDirect (remove only) --> C:\Program Files\PDF reDirect\Uninstall.exe
PowerTCP Mail Tool --> C:\PROGRA~1\PowerTCP\MAILTO~1\UNWISE.EXE C:\PROGRA~1\PowerTCP\MAILTO~1\INSTALL.LOG
Psi (remove only) --> C:\Program Files\Psi\uninstall.exe
PuTTY version 0.53b --> "C:\Program Files\PuTTY\unins000.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
QuickVCD Player 3.4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QuickVCD Player\Uninst.isu"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\SETUP.EXE" -l0x9 REMOVE
Role Agent for Microsoft Office Live Communications Server 2005 --> MsiExec.exe /X{24D2280E-3589-489D-921B-1C1674DCF685}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
RTC Client API v1.3 --> MsiExec.exe /X{143DF9B1-5534-4F84-BBC6-65B2154D8A34}
RTC Client API V1.3 SDK and Samples --> MsiExec.exe /X{934D6176-210A-4FA5-BEE6-5285BA1B9F12}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Simple Failover --> MsiExec.exe /X{A30F17D2-747A-44B2-86B1-EF874638D361}
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sogou Chinese Input (3.3.0.0838) --> "C:\Program Files\SogouInput\Uninstall.exe"
StuffPlug 3 --> C:\Program Files\StuffPlug3\Uninstall.exe
SureThing CD Labeler Deluxe 4 Trial --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler Deluxe 4 Trial"
TntWare Delphi Unicode Controls [2.3.0] --> "C:\Program Files\TntWare\Delphi Unicode Controls\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VIGOS Gsitemap 0.97a --> "C:\Program Files\VIGOS Gsitemap 0.97a\unins000.exe"
VisiBroker for Cpp 4.5 --> C:\WINDOWS\ISUNINST.EXE -fC:\Inprise\vbroker\vbcppdev.isu -cC:\Inprise\vbroker\bin\register.dll
VisualGSM Enterprise --> C:\Program Files\Visualtron Software Corporation\VisualGSM\uninstall.exe
VisualGSM Enterprise Server Addons --> MsiExec.exe /I{39A59BFB-9F88-4880-A897-6E94AB9391FF}
VisualGSM Enterprise Server SNMP2SMS Addon --> "C:\Program Files\Visualtron Software Corporation\VisualGSM-SNMP2SMS\Uninstall.exe"
VNC Free Edition 4.1.2 --> "d:\Program Files\RealVNC\VNC4\unins000.exe"
Web Data Extractor 6.0 --> "C:\Program Files\Web Data Extractor 6.0\unins000.exe"
whois 2.7 --> "C:\Program Files\Nsasoft\whois\unins000.exe"
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Messenger 5.1 --> MsiExec.exe /I{A44413DC-17D5-4F0B-A128-8B590B20323C}
Windows Mobile®Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.6 --> "C:\Program Files\WinSCP\unins000.exe"
Wireshark 0.99.4 --> "C:\Program Files\Wireshark\uninstall.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! uㄣC --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type10967 / Success
Event Submitted/Written: 06/05/2008 03:25:13 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type10962 / Error
Event Submitted/Written: 06/05/2008 03:17:56 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type10961 / Warning
Event Submitted/Written: 06/05/2008 03:17:53 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type10959 / Error
Event Submitted/Written: 06/05/2008 11:56:34 AM
Event ID/Source: 4614 / EventSystem
Event Description:
The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type10958 / Warning
Event Submitted/Written: 06/05/2008 11:54:45 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type64455 / Error
Event Submitted/Written: 06/05/2008 03:58:56 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The visualgsm service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type64431 / Error
Event Submitted/Written: 06/05/2008 03:24:17 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The visualgsm service hung on starting.

Event Record #/Type64429 / Error
Event Submitted/Written: 06/05/2008 03:21:52 PM
Event ID/Source: 10020 / DCOM
Event Description:
The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Event Record #/Type64428 / Error
Event Submitted/Written: 06/05/2008 03:21:52 PM
Event ID/Source: 10020 / DCOM
Event Description:
The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Event Record #/Type64427 / Error
Event Submitted/Written: 06/05/2008 03:21:12 PM
Event ID/Source: 10020 / DCOM
Event Description:
The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-06-05 16:01:58 ------------

Edited by touchring, 05 June 2008 - 04:50 AM.




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:49 AM

Posted 06 June 2008 - 05:50 AM

Already receiving help at another forum, so this thread is closed. :thumbsup:



