Not Sure What It Is - Please Help


This topic is locked
6 replies to this topic

#1 twentythree

Posted 10 June 2008 - 12:30 AM

Hi, I've been having a problem with spyware, I think, but it's the first time, because I always have antivirus and antispyware installed and it never got through, but somehow it did now. I have Windows Vista SP1 with BitDefender Total Security and Spy Sweeper installed. Both did scans and both found infections, so I deleted the infections and I still get the symptoms. A few problems I experience: whenever I start up Mozilla and search the net, suddenly my explorer.exe restarts. Sometimes I can't even go onto the net. And almost all the time I get popups for ad sites. I used to have multiple Internet Explorer instances starting indefinitely, which was quite irritating; they would only stop replicating once I had ended the process in Task Manager. So I'm guessing it might be Virtumonde or maybe Vundo, but just in case here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:29:36 AM, on 2008/06/10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\System32\sev32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\Dan\Documents\Downloads\HiJackThis.exe
C:\Windows\System32\rserver30\FamItrfc.Exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Microsoft32] sev32.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [Microsoft32] sev32.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dan\AppData\Local\Temp\qomnMEXp.dll,c
O4 - HKCU\..\Run: [BM37c6f72d] Rundll32.exe "C:\Users\Dan\AppData\Local\Temp\uweunyno.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adobe.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8D4EC0-6F41-40ED-BF6A-6BCA36ADE5A9}: NameServer = 196.43.34.190,196.43.64.190
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ,C:\Windows\system32\rserver30\r3god.dll
O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\System32\rserver30\rserver3.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9008 bytes

If anyone can help it would be much appreciated, thanks.
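A small triage script for HijackThis lines like the ones in the log above, added here as an example; it is not code from the thread, from HijackThis or from any removal tool. The sample input is copied from the log in this post, and the checks it encodes (rundll32 autoruns pointing at a per-user Temp DLL, autoruns with a bare file name, entries under the Win9x-era RunServices key, any non-empty AppInit_DLLs value, a service binary sitting directly in C:\Windows) are the ones a helper applies by eye when reading such a log; the allowlist and reason strings are my own choices.

```python
"""Triage helper for HijackThis O4 / O20 / O23 lines (added example)."""
import re

# Sample input: lines copied from the HijackThis log posted above, with a
# few benign entries from the same log kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft32] sev32.exe
O4 - HKLM\..\RunServices: [Microsoft32] sev32.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dan\AppData\Local\Temp\qomnMEXp.dll,c
O4 - HKCU\..\Run: [BM37c6f72d] Rundll32.exe "C:\Users\Dan\AppData\Local\Temp\uweunyno.dll",s
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O20 - AppInit_DLLs: ,C:\Windows\system32\rserver30\r3god.dll
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis line layouts for the three entry types handled here.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: ?(?P<value>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<company>.+?) - (?P<path>.+)$")

# Bare names Windows itself registers without a full path (assumed allowlist).
BARE_NAME_ALLOWLIST = {"rundll32.exe"}


def first_token(cmd):
    """Return the program part of an autorun command, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0] if cmd else ""


def check_o4(key, name, cmd):
    """Heuristics for Run-key autoruns; returns a list of reasons (empty = nothing odd)."""
    reasons = []
    # rundll32 persisting a DLL from a per-user Temp folder: no installer does
    # this, and it fits the pop-up / explorer.exe restart symptoms in the post.
    if re.search(r"(?i)\brundll32(\.exe)?\b", cmd) and re.search(r"(?i)\\AppData\\Local\\Temp\\", cmd):
        reasons.append("rundll32 loads a DLL from a per-user Temp folder")
    # A bare file name is resolved through the search path; legitimate
    # installers write the full path, so review it (note the vendor-like
    # value name "Microsoft32" next to an unknown sev32.exe).
    prog = first_token(cmd)
    if prog and "\\" not in prog and prog.lower() not in BARE_NAME_ALLOWLIST:
        reasons.append("bare file name resolved via the search path: " + prog)
    # RunServices is a Windows 9x-era key; NT-based Windows does not process
    # it, so an entry there is usually written blindly by malware.
    if key.lower().endswith("runservices"):
        reasons.append("entry under the RunServices key, unused by NT-based Windows")
    return reasons


def check_o20(value):
    """Any non-empty AppInit_DLLs value deserves review: each listed DLL is
    loaded into every process that loads user32.dll."""
    dlls = [d for d in value.split(",") if d.strip()]
    if not dlls:
        return []
    return ["AppInit_DLLs is non-empty (%d DLL(s)) and injects into every user32 process" % len(dlls)]


def check_o23(svc, company, path):
    """Flag a service binary dropped straight into the Windows folder."""
    directory = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
    if directory == r"c:\windows":
        return ["service binary sits directly in the Windows folder, not System32 or Program Files"]
    return []


def triage(log_text):
    """Return [(line, reasons)] for every entry that trips at least one check."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m.group("key"), m.group("name"), m.group("cmd"))
        else:
            m = O20_RE.match(line)
            if m:
                reasons = check_o20(m.group("value"))
            else:
                m = O23_RE.match(line)
                if m:
                    reasons = check_o23(m.group("svc"), m.group("company"), m.group("path"))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Entries the script leaves unflagged still need a human look; the checks are a first pass to order the reading, not a verdict.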

#2 SifuMike
malware expert

Posted 13 June 2008 - 12:42 AM

Hello twentythree,

Please do everything at this site:

Preparation Guide for use before posting about your potential Malware problem

then post the Kaspersky log and the DSS Main and Extra logs.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 twentythree
Topic Starter

Posted 17 June 2008 - 12:23 PM

Okay, here are the results:

Deckard's System Scanner v20071014.68
Run by Dan on 2008-06-17 19:15:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis (run as Dan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:16:11 PM, on 2008/06/17
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\vsnpstd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\rserver30\FamItrfc.Exe
C:\Users\Dan\Documents\Downloads\dss.exe
C:\Users\Dan\DOCUME~1\DOWNLO~1\Dan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Microsoft32] sev32.exe
O4 - HKLM\..\Run: [snpstd2] C:\Windows\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft32] sev32.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adobe.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8D4EC0-6F41-40ED-BF6A-6BCA36ADE5A9}: NameServer = 196.43.34.190,196.43.64.190
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ,C:\Windows\system32\rserver30\r3god.dll
O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\System32\rserver30\rserver3.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9737 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-16 15:13:11 0 d-------- C:\Windows\Sun
2008-06-16 15:07:34 0 d-------- C:\Program Files\Java
2008-06-16 15:01:38 0 d-------- C:\Program Files\Common Files\Java
2008-06-12 21:07:55 57344 --a------ C:\Windows\system32\rsnpstd2.dll <Not Verified; ; ResourceDLL>
2008-06-12 21:07:55 343808 --a------ C:\Windows\system32\drivers\snpstd2.sys <Not Verified; ; PC Camera driver>
2008-06-12 21:07:52 65536 --a------ C:\Windows\amcap.exe
2008-06-12 21:07:52 0 d-------- C:\Program Files\Common Files\Trek310
2008-06-12 21:07:50 0 d-------- C:\Windows\Album
2008-06-12 21:07:44 0 d-------- C:\Program Files\Trek 310
2008-06-12 15:47:35 171280 --a------ C:\Windows\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:47:35 46352 --a------ C:\Windows\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:47:34 139536 --a------ C:\Windows\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:47:34 313856 --a------ C:\Windows\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-12 15:47:34 6550 --a------ C:\Windows\jautoexp.dat
2008-06-12 15:47:02 0 d-------- C:\Windows\Java
2008-06-12 15:46:56 113 --a------ C:\Windows\system32\zonedon.reg
2008-06-12 15:46:56 113 --a------ C:\Windows\system32\zonedoff.reg
2008-06-12 15:46:56 171792 --a------ C:\Windows\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:56 286992 --a------ C:\Windows\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:55 21264 --a------ C:\Windows\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:55 945936 --a------ C:\Windows\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:55 154384 --a------ C:\Windows\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:54 172304 --a------ C:\Windows\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:54 15120 --a------ C:\Windows\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:53 404752 --a------ C:\Windows\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:52 63248 --a------ C:\Windows\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:52 187152 --a------ C:\Windows\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-12 15:46:51 49424 --a------ C:\Windows\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 16:56:14 138240 --a------ C:\Windows\system32\radcrk.scr
2008-06-09 16:08:34 0 d-------- C:\Windows\system32\rserver30
2008-06-09 16:06:52 0 d-------- C:\Program Files\Radmin Viewer 3.0
2008-06-08 21:44:00 0 d-------- C:\Program Files\MOBILedit!
2008-06-08 20:51:58 0 d-------- C:\Windows\system32\Samsung_USB_Drivers
2008-06-08 20:51:11 5632 --a------ C:\Windows\system32\drivers\StarOpen.sys
2008-06-08 20:49:28 0 d-------- C:\Program Files\Samsung
2008-06-08 16:18:09 0 d-------- C:\Users\All Users\BitDefender
2008-06-08 15:58:04 0 d-------- C:\Program Files\Internet Download Manager
2008-06-08 15:50:41 0 d-------- C:\Users\All Users\Webroot
2008-06-08 15:50:41 0 d-------- C:\Program Files\Webroot
2008-06-08 13:06:00 0 d-------- C:\Windows\system32\appmgmt
2008-06-08 12:27:28 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-07 08:20:22 162304 --a------ C:\Windows\system32\ztvunrar36.dll
2008-06-07 08:20:22 77312 --a------ C:\Windows\system32\ztvunace26.dll
2008-06-07 08:20:22 69632 --a------ C:\Windows\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-07 08:20:22 75264 --a------ C:\Windows\system32\unacev2.dll
2008-06-07 08:20:21 153088 --a------ C:\Windows\system32\unrar3.dll
2008-06-07 08:20:10 0 d-------- C:\Users\All Users\Simply Super Software
2008-06-07 05:29:41 17408 --ahs---- C:\Windows\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp ;); AnyTrial>
2008-06-07 05:22:10 0 d-------- C:\Users\All Users\Elaborate Bytes
2008-06-05 18:01:04 0 d-------- C:\Users\Dan\{c1810939-28ae-4b71-9746-6e3694b4bdab}
2008-06-05 16:48:30 0 d-------- C:\Users\All Users\BVRP Software
2008-06-05 16:48:30 0 d-------- C:\Program Files\Avanquest update
2008-06-05 15:59:28 0 d-------- C:\Users\All Users\Sony Ericsson
2008-06-05 15:59:28 0 d-------- C:\Program Files\Sony Ericsson
2008-06-05 15:59:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 15:39:09 0 d-------- C:\Program Files\MyPhoneExplorer
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\Templates
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\Start Menu
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\SendTo
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\Recent
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\PrintHood
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\NetHood
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\My Documents
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\Local Settings
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\Cookies
2008-06-03 19:06:52 0 d--hs---- C:\Users\Mcx1\Application Data
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Videos
2008-06-03 19:06:48 0 d-------- C:\Users\Mcx1\Saved Games
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Pictures
2008-06-03 19:06:48 262144 --ahs---- C:\Users\Mcx1\NTUSER.DAT
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Music
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Links
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Favorites
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Downloads
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Documents <DOCUME~1>
2008-06-03 19:06:48 0 dr------- C:\Users\Mcx1\Desktop
2008-06-03 19:06:48 0 d--h----- C:\Users\Mcx1\AppData
2008-06-02 17:39:19 0 d-------- C:\Users\All Users\Lavasoft
2008-06-02 17:31:18 0 d-------- C:\Users\All Users\Adobe
2008-06-02 17:30:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-01 16:55:05 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-01 16:49:39 0 d-------- C:\Program Files\CCleaner
2008-05-31 11:55:57 0 d-------- C:\Program Files\iPod
2008-05-31 11:55:32 0 d-------- C:\Program Files\iTunes
2008-05-31 11:53:34 0 d-------- C:\Program Files\Bonjour
2008-05-31 11:50:32 0 d-------- C:\Program Files\QuickTime
2008-05-31 11:50:31 0 d-------- C:\Users\All Users\Apple Computer
2008-05-31 11:48:51 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 11:45:02 0 d-------- C:\Program Files\Common Files\Apple
2008-05-31 11:44:58 0 d-------- C:\Users\All Users\Apple
2008-05-30 15:30:22 0 d-------- C:\Program Files\VideoLAN
2008-05-29 12:40:43 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-28 14:54:26 0 --a------ C:\Windows\system32\SBRC.dat
2008-05-28 14:54:26 0 --a------ C:\Windows\system32\SBFC.dat
2008-05-28 09:56:43 0 d-------- C:\Users\All Users\MassGrid
2008-05-28 09:56:42 0 d-------- C:\Program Files\MassGrid
2008-05-28 09:52:36 0 d-------- C:\Program Files\Google
2008-05-27 22:42:40 0 d-------- C:\Users\All Users\SlySoft
2008-05-27 22:41:01 0 d-------- C:\Program Files\SlySoft
2008-05-27 21:35:59 0 d-------- C:\Program Files\NeroInstall.bak
2008-05-27 20:15:34 0 d-------- C:\Users\All Users\Nero
2008-05-27 20:15:34 0 d-------- C:\Program Files\Nero
2008-05-27 20:15:34 0 d-------- C:\Program Files\Common Files\Nero
2008-05-27 19:32:22 0 d-------- C:\Users\All Users\Messenger Plus!
2008-05-27 18:42:11 0 d-------- C:\Users\All Users\DFX
2008-05-27 18:41:56 0 d-------- C:\Program Files\DFX
2008-05-27 17:41:08 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-27 17:19:12 0 d-------- C:\Program Files\Winamp
2008-05-27 16:16:02 0 d-------- C:\Program Files\BitDefender
2008-05-27 16:13:52 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-27 13:54:53 0 d-------- C:\Program Files\uTorrent
2008-05-27 11:25:34 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 11:25:22 0 d-------- C:\Program Files\MSXML 4.0
2008-05-27 11:08:48 0 d-------- C:\Windows\Panther
2008-05-27 11:08:33 0 d--hs---- C:\Boot
2008-05-27 11:07:58 0 d-------- C:\Windows\system32\OEM
2008-05-27 11:07:58 59 -ra------ C:\Windows\DELL_VERSION
2008-05-27 08:28:09 7105 --a------ C:\Windows\bthservsdp.dat
2008-05-27 08:10:57 0 d-------- C:\Program Files\BitLocker
2008-05-27 08:04:17 0 d-------- C:\Users\Dan\dwhelper
2008-05-27 07:51:59 0 d-------- C:\Users\All Users\WEBREG
2008-05-27 07:41:06 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-05-27 07:38:46 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-27 07:38:46 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-27 07:38:21 0 d-------- C:\Program Files\Common Files\HP
2008-05-27 07:36:56 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-05-27 07:33:32 117760 --a------ C:\Windows\system32\hpz3l4v2.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2008-05-27 07:33:25 0 d-------- C:\Program Files\HP
2008-05-27 07:32:37 130834 --a------ C:\Windows\hpoins18.dat
2008-05-27 07:32:32 0 d-------- C:\Users\All Users\HP
2008-05-27 07:32:28 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-05-27 07:32:27 675840 --a------ C:\Windows\system32\hpowiav1.dll <Not Verified; Hewlett-Packard; hpowiav1.dll>
2008-05-27 07:32:27 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-27 07:32:27 897024 --a------ C:\Windows\system32\hpotiop1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-27 07:32:26 6600 --a------ C:\Windows\hpomdl18.dat
2008-05-27 07:22:57 0 d-------- C:\Program Files\Microsoft Works
2008-05-27 07:22:52 0 d-------- C:\Windows\system32\Macromed
2008-05-27 07:21:07 0 d-------- C:\Program Files\Microsoft.NET
2008-05-27 07:19:24 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 07:17:44 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-27 07:13:17 0 dr-h----- C:\MSOCache
2008-05-27 07:10:09 0 d-------- C:\Program Files\Elaborate Bytes
2008-05-27 03:05:18 0 d-------- C:\New Folder (2)
2008-05-27 02:58:34 0 d-------- C:\Users\All Users\ATI
2008-05-27 02:53:23 0 --a------ C:\Windows\ativpsrm.bin
2008-05-27 02:52:20 0 d-------- C:\Program Files\ATI
2008-05-27 02:52:03 0 d-------- C:\Program Files\ATI Technologies
2008-05-27 02:51:26 0 d-------- C:\ATI
2008-05-27 02:36:59 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-05-27 02:35:24 0 d-------- C:\Users\Dan\Tracing
2008-05-27 02:33:50 0 d-------- C:\Program Files\Windows Live
2008-05-27 02:31:42 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-05-27 02:31:34 0 d-------- C:\Windows\PCHEALTH
2008-05-27 02:29:37 0 d-------- C:\Windows\DPDrv
2008-05-27 02:29:36 0 d-------- C:\Program Files\DigitalPersona
2008-05-27 02:29:09 0 d--hs---- C:\Windows\Installer
2008-05-27 02:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 01:57:26 0 d-------- C:\PerfLogs
2008-05-27 01:46:15 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 01:26:08 0 dr------- C:\Users\Dan\Searches
2008-05-27 01:24:17 0 dr------- C:\Users\Dan\Contacts
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Videos
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\Templates
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\Start Menu
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\SendTo
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Saved Games
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\Recent
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\PrintHood
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Pictures
2008-05-27 01:24:10 3145728 --ahs---- C:\Users\Dan\NTUSER.DAT
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\NetHood
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\My Documents
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Music
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\Local Settings
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Links
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Favorites
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Downloads
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Documents <DOCUME~1>
2008-05-27 01:24:10 0 dr------- C:\Users\Dan\Desktop
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\Cookies
2008-05-27 01:24:10 0 d--hs---- C:\Users\Dan\Application Data
2008-05-27 01:24:10 0 d--h----- C:\Users\Dan\AppData
2008-05-27 01:23:52 171136 -rahs---- C:\grldr
2008-05-27 01:12:46 0 d-------- C:\Windows\SoftwareDistribution
2008-05-27 01:11:24 0 d-------- C:\Windows\Debug
2008-05-27 01:11:24 0 d-------- C:\Windows\CSC
2008-05-27 01:09:55 0 d-------- C:\Windows\Prefetch
2008-05-27 01:09:40 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-06-17 19:18:50 0 d-------- C:\Users\Dan\AppData\Roaming\uTorrent
2008-06-17 18:36:22 0 d-------- C:\Users\Dan\AppData\Roaming\DMCache
2008-06-16 15:01:38 0 d-------- C:\Program Files\Common Files
2008-06-12 03:21:44 0 d-------- C:\Program Files\Windows Mail
2008-06-09 17:03:41 0 d-------- C:\Users\Dan\AppData\Roaming\Radmin
2008-06-08 21:04:55 0 d-------- C:\Users\Dan\AppData\Roaming\Samsung
2008-06-08 20:51:36 0 d-------- C:\Users\Dan\AppData\Roaming\IDM
2008-06-08 16:22:29 0 d-------- C:\Users\Dan\AppData\Roaming\BitDefender
2008-06-08 15:50:41 0 d-------- C:\Users\Dan\AppData\Roaming\Webroot
2008-06-07 08:20:39 0 d-------- C:\Users\Dan\AppData\Roaming\Simply Super Software
2008-06-05 19:04:43 0 d-------- C:\Users\Dan\AppData\Roaming\MyPhoneExplorer
2008-06-05 15:58:05 0 d-------- C:\Users\Dan\AppData\Roaming\InstallShield
2008-06-05 14:10:04 0 d-------- C:\Users\Dan\AppData\Roaming\Adobe
2008-05-31 11:57:34 0 d-------- C:\Users\Dan\AppData\Roaming\Apple Computer
2008-05-30 18:05:03 0 d-------- C:\Users\Dan\AppData\Roaming\vlc
2008-05-28 14:04:27 0 d-------- C:\Users\Dan\AppData\Roaming\Sunbelt Software
2008-05-28 09:56:44 0 d-------- C:\Users\Dan\AppData\Roaming\MassGrid
2008-05-28 09:39:58 0 d-------- C:\Users\Dan\AppData\Roaming\MessengerGadget
2008-05-28 09:07:55 0 d-------- C:\Users\Dan\AppData\Roaming\SystemGadgets
2008-05-27 20:29:04 0 d-------- C:\Users\Dan\AppData\Roaming\Nero
2008-05-27 19:27:42 0 d-------- C:\Users\Dan\AppData\Roaming\App Launcher Gadget
2008-05-27 18:41:54 0 d-------- C:\Users\Dan\AppData\Roaming\Winamp
2008-05-27 15:38:13 0 d-------- C:\Users\Dan\AppData\Roaming\WinRAR
2008-05-27 15:37:36 0 d-------- C:\Users\Dan\AppData\Roaming\Macromedia
2008-05-27 08:10:51 0 d-------- C:\Program Files\Microsoft Games
2008-05-27 07:52:40 0 d-------- C:\Users\Dan\AppData\Roaming\Mozilla
2008-05-27 07:41:29 0 d-------- C:\Users\Dan\AppData\Roaming\HP
2008-05-27 07:22:43 0 d-------- C:\Program Files\MSBuild
2008-05-27 02:58:34 0 d-------- C:\Users\Dan\AppData\Roaming\ATI
2008-05-27 02:57:50 0 d-------- C:\Users\Dan\AppData\Roaming\DigitalPersona
2008-05-27 02:04:10 174 --ahs---- C:\Program Files\desktop.ini
2008-05-27 01:58:15 0 d-------- C:\Program Files\Windows Sidebar
2008-05-27 01:58:15 0 d-------- C:\Program Files\Windows Calendar
2008-05-27 01:58:15 0 d-------- C:\Program Files\Movie Maker
2008-05-27 01:58:14 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-27 01:58:14 0 d-------- C:\Program Files\Windows Journal
2008-05-27 01:58:14 0 d-------- C:\Program Files\Windows Collaboration
2008-05-27 01:58:11 0 d-------- C:\Program Files\Windows Defender
2008-05-27 01:24:19 0 d-------- C:\Users\Dan\AppData\Roaming\Identities
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-26 02:52:49 73728 --a------ C:\Windows\system32\ElbyVCD.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes VirtualCloneDrive>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008/01/18 11:38 PM]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006/10/09 04:27 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007/08/31 12:13 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007/08/31 12:01 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008/01/21 12:17 PM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006/04/29 03:21 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007/08/24 07:00 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006/12/10 09:52 PM]
"SoundMan"="SOUNDMAN.EXE" [2007/03/09 04:28 PM C:\Windows\SOUNDMAN.EXE]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008/02/18 05:29 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 10:16 PM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007/10/09 03:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008/06/09 05:29 PM]
"Microsoft32"="sev32.exe" []
"snpstd2"="C:\Windows\vsnpstd2.exe" [2007/04/13 01:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008/03/25 04:28 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008/01/04 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008/01/18 11:33 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008/02/28 06:07 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008/01/18 11:33 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008/06/08 03:59 PM]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008/01/18 11:33 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft32"=sev32.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\Windows\system32\DPWLEvHd.dll 2006/10/09 04:27 PM 99856 C:\Windows\System32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,C:\Windows\system32\rserver30\r3god.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\34f5c4b1]
rundll32.exe "C:\Users\Dan\AppData\Local\Temp\iklkvdmi.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM37c6f72d]
Rundll32.exe "C:\Users\Dan\AppData\Local\Temp\fmburkij.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BugSoft AnyTrial]
C:\Users\Dan\Downloads\AnyTrialControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\ssqNFuss.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
GPSvcGroup GPSvc
bthsvcs BthServ
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-06-17 19:19:37 ------------


Thanks, any help would be appreciated.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 June 2008 - 12:49 PM

Hi twentythree

You forgot to post the Kaspersky log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 twentythree

twentythree
  • Topic Starter

  • Members
  • 4 posts

Posted 17 June 2008 - 01:13 PM

Oh, I didn't think it was relevant; here it is.

Attached Files



#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 June 2008 - 01:54 PM

Hi twentythree,

Trial "Cheater" programs (BugSoft AnyTrial) can cause more problems than they are worth. :thumbsup:

If you want continued help here, then uninstall the program before we continue.

If that is agreeable, then do the following:


1. Download the HostsXpert from here: http://www.funkytoad.com/download/HostsXpert.zip
2. Install the program and run it.
3. Press the 'Restore MS Hosts File' button and press 'OK'.
4. Exit the program.
5. Reboot your computer.


Note: Vista can be "difficult" about mucking with any file in the Windows path. To be safe, right click on the shortcut (or the executable itself) and select 'Run as Administrator'




Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.
If the file is too big to post, then you can upload it to me here.

Edited by SifuMike, 17 June 2008 - 02:05 PM.


#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 24 June 2008 - 04:53 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



