
Infected With Winspooler And Winsecure


  • This topic is locked
2 replies to this topic

#1 EddY777


Posted 26 June 2008 - 08:36 PM

Hi, I have WinSecure and WinSpooler and I can't seem to find a way to remove it.

Winspooler says...Patch applied succesfully! If your software is still trial maybe you need to install it before patch it.

Winsecure says....Trial software registered! Remember to install correct software version before to patch or crack will not works correctly.



Deckard's System Scanner v20071014.68
Run by EddY El Beatmaker on 2008-06-26 20:19:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
17: 2008-06-26 23:07:31 UTC - RP82 - Windows Update
16: 2008-06-26 15:55:54 UTC - RP81 - Windows Update
15: 2008-06-26 15:47:32 UTC - RP80 - Windows Update
14: 2008-06-26 03:01:18 UTC - RP79 - Windows Update
13: 2008-06-25 23:15:19 UTC - RP78 - Windows Update


-- First Restore Point --
1: 2008-06-23 16:56:33 UTC - RP64 - Windows Vista Service Pack 1


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-26 20:21:51
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\System32\WinSecure.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\WinSecure.exe
C:\Program Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe
C:\Windows\System32\WinSpooler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\EddY El Beatmaker\Downloads\dss(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F0 - system.ini: Shell=Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - blank (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: LimeWire Turbo Accelerator.lnk = C:\Program Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - blank (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\System32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\Windows\System32\lxcfcoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe


--
End of file - 8069 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - \??\c:\program files\ultraiso\drivers\isodrive.sys
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 18:06:14 432 --a------ C:\Windows\Tasks\Norton Security Scan.job
2008-06-19 21:00:23 278 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 12:05:00 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-06-26 11:23:19 0 d-------- C:\Program Files\Disney
2008-06-24 12:26:00 0 d-------- C:\Program Files\Yahoo!
2008-06-24 12:25:55 0 d-------- C:\Program Files\CCleaner
2008-06-24 11:00:04 0 d-------- C:\Program Files\Click-2U
2008-06-24 10:35:42 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-24 10:35:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 20:56:37 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-06-23 20:54:26 0 d-------- C:\Program Files\Spyware Doctor
2008-06-23 20:22:03 0 d-------- C:\Program Files\Persystems
2008-06-23 16:57:09 0 d-------- C:\Users\All Users\ESET
2008-06-23 16:29:58 0 d-------- C:\VundoFix Backups
2008-06-23 15:55:26 1466368 --a------ C:\Windows\system32\WinSpooler.exe
2008-06-23 15:52:28 1470464 --a------ C:\Windows\system32\WinSecure.exe
2008-06-23 15:52:26 37888 --a------ C:\Windows\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-23 15:08:57 0 d-------- C:\Program Files\Passware
2008-06-23 12:47:48 0 d-------- C:\Program Files\NoLimits Coasters v1.6
2008-06-23 11:58:55 0 d-------- C:\Program Files\LimeWire Turbo Accelerator
2008-06-23 11:58:26 0 d-------- C:\Program Files\LimeWire
2008-06-23 11:40:22 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-23 11:19:08 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 11:07:39 0 d-------- C:\Program Files\iPod
2008-06-23 11:07:37 0 d-------- C:\Program Files\iTunes
2008-06-21 21:27:01 0 d-------- C:\divx
2008-06-21 21:23:58 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-21 21:23:56 0 d-------- C:\Program Files\DivX
2008-06-21 18:20:53 0 d-------- C:\Program Files\Bonjour
2008-06-21 18:19:53 0 d-------- C:\Program Files\QuickTime
2008-06-21 18:19:50 0 d-------- C:\Users\All Users\Apple Computer
2008-06-21 18:18:59 0 d-------- C:\Program Files\Apple Software Update
2008-06-21 18:17:53 0 d-------- C:\Users\All Users\Apple
2008-06-21 18:17:53 0 d-------- C:\Program Files\Common Files\Apple
2008-06-21 17:40:30 0 d-------- C:\Program Files\gui
2008-06-21 15:08:49 33792 --a------ C:\Windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
2008-06-21 12:36:48 0 d-------- C:\Users\All Users\Syncrosoft
2008-06-20 20:52:45 0 d-------- C:\Program Files\Scream Machines
2008-06-20 19:32:42 0 d-------- C:\Program Files\NoLimits Demo v1.262
2008-06-20 19:03:40 239 --a------ C:\Windows\PowerReg.dat
2008-06-20 19:03:37 45568 -ra------ C:\Windows\UniFish3.exe
2008-06-20 18:58:45 0 d-------- C:\Program Files\Syncrosoft
2008-06-20 18:20:25 0 d-------- C:\Program Files\UltraISO
2008-06-20 18:20:25 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-06-20 17:33:28 0 d-------- C:\Program Files\DAN NFO Viewer
2008-06-20 15:02:45 0 d-------- C:\Windows\PCHEALTH
2008-06-20 14:43:32 0 d-------- C:\Users\All Users\avg8
2008-06-20 14:04:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 14:03:01 0 d-------- C:\Users\All Users\Symantec
2008-06-20 13:12:53 0 d-------- C:\Program Files\Norton Security Scan
2008-06-20 12:56:42 0 d-------- C:\Program Files\Tone2
2008-06-20 12:52:00 0 d-------- C:\Program Files\Edirol
2008-06-20 12:47:11 0 d-------- C:\Windows\system32\Adobe
2008-06-20 12:45:14 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-20 12:44:30 0 d-------- C:\Windows\system32\RTCOM
2008-06-20 12:14:21 0 d-------- C:\Program Files\discoDSP
2008-06-20 12:09:50 0 d-------- C:\Users\All Users\IK Multimedia
2008-06-20 12:00:09 0 d-------- C:\Users\All Users\Azureus
2008-06-20 11:59:41 0 d-------- C:\Program Files\Vuze
2008-06-20 11:30:04 0 d-------- C:\Program Files\LUXONIX
2008-06-20 11:21:04 0 d-------- C:\Program Files\Antares Audio Technologies
2008-06-19 22:29:19 0 d-------- C:\Program Files\Zune
2008-06-19 20:59:56 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-19 20:59:54 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-19 19:57:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-19 19:56:37 0 d-------- C:\Program Files\Windows Live
2008-06-19 19:56:14 0 d-------- C:\Users\All Users\WLInstaller
2008-06-19 16:49:31 0 d-------- C:\Program Files\VstPlugins
2008-06-19 15:30:45 0 d-------- C:\Program Files\Steinberg
2008-06-19 15:26:22 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-06-19 15:26:16 0 d-------- C:\Program Files\Common Files\Digidesign
2008-06-19 15:25:55 0 d-------- C:\Program Files\Native Instruments
2008-06-19 15:24:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 15:24:06 0 d-------- C:\Program Files\DigiDesign
2008-06-19 15:24:03 0 d-------- C:\Program Files\IK Multimedia
2008-06-19 15:23:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-19 15:21:17 0 d-------- C:\Windows\Panther
2008-06-19 15:20:33 0 d-------- C:\Windows\system32\OEM
2008-06-19 15:20:33 36 -rah----- C:\Windows\DELL_VERSION
2008-06-19 14:30:09 0 d-------- C:\Windows\SoftwareDistribution
2008-06-19 14:28:56 0 d-------- C:\Windows\Debug
2008-06-19 14:22:19 0 d-------- C:\Windows\Prefetch
2008-06-19 13:59:17 0 d-------- C:\Program Files\Java
2008-06-19 13:51:27 0 d-a------ C:\Users\All Users\TEMP
2008-06-19 13:48:01 0 d-------- C:\Windows\system32\x64
2008-06-19 13:43:28 0 d-------- C:\Users\All Users\Google
2008-06-19 13:38:57 0 d-------- C:\Windows\system32\Macromed
2008-06-19 13:36:14 0 d-------- C:\Users\All Users\Google Updater
2008-06-19 13:36:10 0 d-------- C:\Program Files\Google
2008-06-19 13:11:32 0 d-------- C:\Program Files\ASIO4ALL v2
2008-06-19 13:11:09 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-19 13:10:38 0 d-------- C:\Program Files\Outsim
2008-06-19 13:08:29 0 d-------- C:\Program Files\Image-Line
2008-06-19 13:06:35 0 d-------- C:\Program Files\Lx_cats
2008-06-19 13:00:35 0 d-------- C:\Program Files\Lexmark 730 Series
2008-06-19 13:00:16 274432 --a------ C:\Windows\system32\lxcfinst.dll
2008-06-19 13:00:15 323584 --a------ C:\Windows\system32\lxcfhcp.dll <Not Verified; ; Printer Communication System>
2008-06-19 13:00:10 643072 --a------ C:\Windows\system32\lxcfpmui.dll <Not Verified; ; Printer Communication System>
2008-06-19 13:00:06 696320 --a------ C:\Windows\system32\lxcfhbn3.dll <Not Verified; ; Printer Communication System>
2008-06-19 12:56:07 0 d--hs---- C:\Windows\Installer
2008-06-19 12:55:55 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-06-19 12:55:55 0 d-------- C:\Program Files\Intel
2008-06-19 12:53:58 0 d-------- C:\Program Files\PocketRAR
2008-06-19 12:40:36 0 dr------- C:\Users\EddY El Beatmaker\Searches
2008-06-19 12:40:24 0 dr------- C:\Users\EddY El Beatmaker\Contacts
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Videos
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\Templates
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\Start Menu
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\SendTo
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Saved Games
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\Recent
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\PrintHood
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Pictures
2008-06-19 12:40:16 1835008 --ahs---- C:\Users\EddY El Beatmaker\NTUSER.DAT
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\NetHood
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\My Documents
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Music
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\Local Settings
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Links
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Favorites
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Downloads
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Documents
2008-06-19 12:40:16 0 dr------- C:\Users\EddY El Beatmaker\Desktop
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\Cookies
2008-06-19 12:40:16 0 d--hs---- C:\Users\EddY El Beatmaker\Application Data
2008-06-19 12:40:16 0 d--h----- C:\Users\EddY El Beatmaker\AppData
2008-05-30 18:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 18:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 16:17:10 0 d-------- C:\PerfLogs
2008-05-27 22:22:51 0 d-------- C:\DVDVideoSoft


-- Find3M Report ---------------------------------------------------------------

2008-06-25 15:27:20 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Azureus
2008-06-24 10:35:43 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Malwarebytes
2008-06-23 21:46:41 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\LimeWire
2008-06-23 20:54:26 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\PC Tools
2008-06-23 16:58:45 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\ESET
2008-06-23 16:32:33 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Google
2008-06-23 11:19:08 0 d-------- C:\Program Files\Common Files
2008-06-21 21:24:25 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\DivX
2008-06-21 18:22:23 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Apple Computer
2008-06-20 20:30:56 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Waves Audio
2008-06-20 17:35:22 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Atari
2008-06-20 13:57:28 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Mozilla
2008-06-20 13:27:32 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Steinberg
2008-06-20 12:09:50 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\InstallShield
2008-06-20 09:07:49 174 --ahs---- C:\Program Files\desktop.ini
2008-06-19 23:34:54 0 d-------- C:\Program Files\Windows Calendar
2008-06-19 23:34:53 0 d-------- C:\Program Files\Windows Mail
2008-06-19 23:34:52 0 d-------- C:\Program Files\Windows Defender
2008-06-19 23:34:49 0 d-------- C:\Program Files\Windows Sidebar
2008-06-19 13:51:28 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\CleanMyPC Software
2008-06-19 13:39:16 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Macromedia
2008-06-19 13:39:16 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Adobe
2008-06-19 12:55:36 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\WinRAR
2008-06-19 12:40:26 0 d-------- C:\Users\EddY El Beatmaker\AppData\Roaming\Identities
2008-05-22 17:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 17:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 17:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 17:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/19/2008 02:15 PM]
"LXCFCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [09/14/2005 09:39 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/17/2008 07:22 AM C:\Windows\RtHDVCpl.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [10/25/2005 03:00 PM]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [06/19/2008 01:59 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2008 01:36 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [10/12/2005 10:06 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\Users\EddY El Beatmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire Turbo Accelerator.lnk - C:\Program Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe [1/17/2008 2:29:02 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Windows Security Tool"=WinSecure.exe
"Windows Printing Driver"=WinSpooler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{41121202-1534-5130-3250-532021500235}]
c:\windows\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-26 20:22:32 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 3060.56 MiB / 2077.05 MiB
Pagefile Memory (total/avail): 6309.12 MiB / 5380.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.41 MiB

C: is Fixed (NTFS) - 455.71 GiB total, 321.4 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.91 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ ATA Device - 465.76 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 455.71 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\EddY El Beatmaker\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDDYELBEATMA-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\EddY El Beatmaker
LOCALAPPDATA=C:\Users\EddY El Beatmaker\AppData\Local
LOGONSERVER=\\EDDYELBEATMA-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\EDDYEL~1\AppData\Local\Temp
TMP=C:\Users\EDDYEL~1\AppData\Local\Temp
USERDOMAIN=EddYElBeatma-PC
USERNAME=EddY El Beatmaker
USERPROFILE=C:\Users\EddY El Beatmaker
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

EddY El Beatmaker


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Antares Auto-Tune v4.39 --> C:\PROGRA~1\ANTARE~1\AUTO-T~1\AIRLOG~1\AT4\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AUTO-T~1\AIRLOG~1\AT4\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
discoDSP Discovery VSTi v2.9 --> "C:\Program Files\discoDSP\Uninstall\unins000.exe"
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Edirol HQ Orchestral v1.01 --> C:\PROGRA~1\Edirol\ORCHES~1\UNWISE.EXE C:\PROGRA~1\Edirol\ORCHES~1\INSTALL.LOG
Edirol Super Quartet v1.52 TALiO --> C:\PROGRA~1\Edirol\SUPERQ~1.52\UNWISE.EXE C:\PROGRA~1\Edirol\SUPERQ~1.52\INSTALL.LOG
FL Studio 8 --> C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Network Connections 13.0.42.0 --> MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
Intel® Network Connections 13.0.42.0 --> MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Korg Legacy Collection VSTi v1.0.02 --> C:\PROGRA~1\IMAGE-~1\FLSTUD~1\Plugins\VST\LEGACY~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\FLSTUD~1\Plugins\VST\LEGACY~1\INSTALL.LOG
Lexmark 730 Series --> C:\Program Files\Lexmark 730 Series\Install\x86\Uninst.exe
LimeWire PRO 4.17.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LimeWire Turbo Accelerator --> C:\Program Files\LimeWire Turbo Accelerator\uninstall.exe
LUXONIX Ravity(S) v1.4 --> C:\PROGRA~1\LUXONIX\RAVITY~1\UNWISE.EXE C:\PROGRA~1\LUXONIX\RAVITY~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Native Instruments Absynth 4 --> C:\PROGRA~1\NATIVE~1\ABSYNT~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\ABSYNT~1\INSTALL.LOG
Native Instruments Pro-53 --> C:\PROGRA~1\NATIVE~1\Pro-53\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Pro-53\INSTALL.LOG
NoLimits Coasters 1.7 (remove only) --> "C:\Program Files\NoLimits Coasters v1.6\uninstall.EXE"
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Passware Kit Enterprise 8.0 --> C:\Program Files\Passware\un-kit_ent.exe
PC Tools AntiVirus 2.0 --> "C:\Program Files\PC Tools AntiVirus\unins000.exe"
Playstation 2 Emulator 1.00.48 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1AFB194-4577-4A33-9815-49845F8F42E9}\setup.exe" -l0x9 -removeonly
Pocket RAR documentation --> C:\Program Files\PocketRAR\uninstall.exe
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry Mechanic 5.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rob Papen Albino 3 --> C:\Program Files\Image-Line\FL Studio 8\Plugins\VST\UninstalAlbino3.exe
Rob Papen BLUE V1.02 --> "C:\Program Files\Image-Line\FL Studio 8\Plugins\VST\unins000.exe"
SampleTank 2.5 --> C:\Program Files\InstallShield Installation Information\{6559654F-2F38-491F-8411-211517C3E635}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Scream Machines --> "C:\Program Files\Scream Machines\unins000.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spyware Doctor 3.2 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Steinberg Hypersonic v1.12.808 --> C:\PROGRA~1\VSTPLU~1\HYPERS~1\HYPERS~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\HYPERS~1\HYPERS~1\INSTALL.LOG
T-RackS Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11EDED13-382B-450F-8081-BC6F26AF74CE}\setup.exe" -l0x9
Tone2 Firebird VSTi v1.2.1 --> C:\PROGRA~1\Tone2\UNWISE.EXE C:\PROGRA~1\Tone2\INSTALL.LOG
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
UltraISO Premium V9.2 --> "C:\Program Files\UltraISO\unins000.exe"
Vuze --> C:\Program Files\Vuze\uninstall.exe
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3232 / Success
Event Submitted/Written: 06/26/2008 08:13:34 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type3231 / Success
Event Submitted/Written: 06/26/2008 08:13:34 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type3228 / Success
Event Submitted/Written: 06/26/2008 08:13:31 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type3181 / Error
Event Submitted/Written: 06/26/2008 00:05:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16681, time stamp 0x48113d17, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0003b15f,
process id 0x270, application start time 0xiexplore.exe0.

Event Record #/Type3179 / Success
Event Submitted/Written: 06/26/2008 00:04:32 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33039 / Warning
Event Submitted/Written: 06/26/2008 08:22:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%EddYElBeatma-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %EddYElBeatma-PC27 can't undo changes that you allow.

For more information please see the following:
%EddYElBeatma-PC275

Scan ID: {D53CA69C-07AD-41D3-A7C8-69D26D0BFCE4}

User: EddYElBeatma-PC\EddY El Beatmaker

Name: %EddYElBeatma-PC271

ID: %EddYElBeatma-PC272

Severity ID: %EddYElBeatma-PC273

Category ID: %EddYElBeatma-PC274

Path Found: %EddYElBeatma-PC276

Alert Type: %EddYElBeatma-PC278

Detection Type: 1.1.1505.02

Event Record #/Type33038 / Warning
Event Submitted/Written: 06/26/2008 08:22:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%EddYElBeatma-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %EddYElBeatma-PC27 can't undo changes that you allow.

For more information please see the following:
%EddYElBeatma-PC275

Scan ID: {691F3D31-5808-4C69-AF6E-4A5DD53B41C0}

User: EddYElBeatma-PC\EddY El Beatmaker

Name: %EddYElBeatma-PC271

ID: %EddYElBeatma-PC272

Severity ID: %EddYElBeatma-PC273

Category ID: %EddYElBeatma-PC274

Path Found: %EddYElBeatma-PC276

Alert Type: %EddYElBeatma-PC278

Detection Type: 1.1.1505.02

Event Record #/Type33037 / Warning
Event Submitted/Written: 06/26/2008 08:22:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%EddYElBeatma-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %EddYElBeatma-PC27 can't undo changes that you allow.

For more information please see the following:
%EddYElBeatma-PC275

Scan ID: {6E0CBBA5-F7E8-461E-A595-A8DE8FB70B9C}

User: EddYElBeatma-PC\EddY El Beatmaker

Name: %EddYElBeatma-PC271

ID: %EddYElBeatma-PC272

Severity ID: %EddYElBeatma-PC273

Category ID: %EddYElBeatma-PC274

Path Found: %EddYElBeatma-PC276

Alert Type: %EddYElBeatma-PC278

Detection Type: 1.1.1505.02

Event Record #/Type33036 / Warning
Event Submitted/Written: 06/26/2008 08:22:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%EddYElBeatma-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %EddYElBeatma-PC27 can't undo changes that you allow.

For more information please see the following:
%EddYElBeatma-PC275

Scan ID: {1CADE524-C039-441E-A6C9-3DA9D499602A}

User: EddYElBeatma-PC\EddY El Beatmaker

Name: %EddYElBeatma-PC271

ID: %EddYElBeatma-PC272

Severity ID: %EddYElBeatma-PC273

Category ID: %EddYElBeatma-PC274

Path Found: %EddYElBeatma-PC276

Alert Type: %EddYElBeatma-PC278

Detection Type: 1.1.1505.02

Event Record #/Type33035 / Warning
Event Submitted/Written: 06/26/2008 08:22:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%EddYElBeatma-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %EddYElBeatma-PC27 can't undo changes that you allow.

For more information please see the following:
%EddYElBeatma-PC275

Scan ID: {5AD5D309-9AFF-4BE5-84FF-438CF7C147F4}

User: EddYElBeatma-PC\EddY El Beatmaker

Name: %EddYElBeatma-PC271

ID: %EddYElBeatma-PC272

Severity ID: %EddYElBeatma-PC273

Category ID: %EddYElBeatma-PC274

Path Found: %EddYElBeatma-PC276

Alert Type: %EddYElBeatma-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-06-26 20:22:32 ------------



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:52 AM

Posted 18 July 2008 - 10:46 PM

Hello EddY777,

If you still need help, then please post a fresh DSS Main.txt log so I can see if anything has changed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - so if you need help, post your problem in the forum.

#3 SifuMike


Posted 24 July 2008 - 06:42 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



