
Winxp Pro, Hit With Dnschanger Among Others.


  • This topic is locked
2 replies to this topic

#1 boogieg


Posted 26 June 2008 - 08:55 PM

Forgive me if this is wordy, but I want you to have as much info as I can give you before you analyze my logs & suggest fixes:

- It all started on 6/18 when I stupidly opened an unfamiliar file and got hit with somethin' nasty. I used a couple of Uniblue programs, then a Kaspersky scan deleted my user32.dll file and I couldn't even boot up in safe mode.

- Was able to boot up with ERD Commander 2005 and returned to a previous restore point.

- Ran CCleaner and Malwarebytes' Anti-Malware and cleaned up about 170 found issues/infections. Can't believe I had it so bad! Thought I was out of the woods, but then SuperAntiSpyware and Ad-Aware caught some more issues including several trojans/backdoors.

- THEN, when I had scrubbed the damn thing for 2 days, scanning like a madwoman until CCleaner, Anti-Malware, SuperAntiSpyware, Ad-aware AND Avira found nothing. Did a happy dance until, as I was trying to go through and do one final scan with each program, I noticed that my browser was redirecting me every time I tried to connect to any of the update pages or files - I ended up having to DL them onto a flash drive and install the definitions updates manually (couldn't get the update for Mbam).

- And now I can't connect to ANY web pages (just get "cannot connect" or "page not found" error). SuperAntiSpyware (I think - I've run so many scans I can't keep track) caught DnsChanger trojan. I also downloaded and ran ATF-Clean and DSS.

I've since unplugged my internet cable, needless to say.

So, please help me. I'm about to throw this machine out the window and my neighborhood is pedestrian-heavy - save me the lawsuit! :thumbsup:

Here are my logs (which I had to copy onto a flash drive & now I'm using my husband's Mac iBook to talk to y'all). I don't know if it matters, but I've uninstalled all Symantec software except for password manager, but there's still some traces. Not sure if that would interfere with any of my scans.

**PLEASE NOTE - I cannot get online on my machine in order to run another Kaspersky scan, and if I need to DL any new programs, they'll have to be migrated onto my machine via my flash drive, and I'll be unable to update any definitions files unless they're available to download so I can manually install them.

Deckard's System Scanner v20071014.68
Run by Gina on 2008-06-26 17:50:52
Computer is in Normal Mode.

--------------------------------------------------------------------------------



-- System Restore --------------------------------------------------------------



Successfully created a Deckard's System Scanner Restore Point.





-- Last 5 Restore Point(s) --

28: 2008-06-19 09:44:12 UTC - RP1659 - Uniblue RegistryBooster

27: 2008-06-19 09:24:03 UTC - RP1658 - Revo Uninstaller's restore point - RealJukebox 1.0

26: 2008-06-19 09:22:28 UTC - RP1657 - Revo Uninstaller's restore point - Ofoto Easy Upload ActiveX Control

25: 2008-06-19 09:18:22 UTC - RP1656 - Revo Uninstaller's restore point - Monitor Calibration Wizard 1.0

24: 2008-06-19 09:17:40 UTC - RP1655 - Removed MSSoap





-- First Restore Point --

1: 2008-06-13 03:31:46 UTC - RP1632 - Removed Adobe Reader 8.1.2





Backed up registry hives.

Performed disk cleanup.







-- HijackThis (run as Gina.exe) ------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:52:40 PM, on 6/26/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\Gina\Desktop\2c6598ik.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Gina.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://email.secureserver.net/login.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Desktop Notifier.lnk = ?

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12b9f79af6fb59...ip/RdxIE601.cab

O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Avira AntiVir Personal ˝ Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal ˝ Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel« NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Npl78xtinka - Intel Corporation - (no file)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



--

End of file - 10398 bytes



-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------



backup-20080624-120617-498 O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Gina\LOCALS~1\Temp\winlogan.exe

backup-20080625-224159-823 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)



-- File Associations -----------------------------------------------------------



.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7

.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

.scr - scrfile - shell\open\command - "%1" %*





-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------



R0 giveio - c:\windows\system32\giveio.sys

R1 NetworkX - c:\windows\system32\ckldrv.sys

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>

R2 NetAlrt - c:\windows\system32\drivers\netalrt.sys <Not Verified; Intel Corporation; Intel Alert on LANĂ 2>

R2 PlatAlrt - c:\windows\system32\drivers\platalrt.sys <Not Verified; Intel Corporation; Intel Alert on LANĂ 2>

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus« ASPI Shell>



S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)

S3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel« NMSCFG Driver>

S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys

S3 tmpassthrump - c:\windows\system32\drivers\tmpassthru.sys (file missing)





-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



R2 antivirscheduler (Avira AntiVir Personal ˝ Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; IntelĂ PRO Alerting Suite ASF 1.0 Compatible>

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>



S2 Adobe LM Service - "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe" (file missing)

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 Mspatvsw -

S3 NMSSvc (Intel« NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>

S3 Npl78xtinka -

S3 Rdpdtwfpna -

S4 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)





-- Device Manager: Disabled ----------------------------------------------------



No disabled devices found.





-- Scheduled Tasks -------------------------------------------------------------



2008-06-25 07:24:31 254 --a------ C:\WINDOWS\Tasks\defrag.job

2008-06-19 00:00:00 306 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job

2008-06-14 16:41:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job





-- Files created between 2008-05-26 and 2008-06-26 -----------------------------



2008-06-26 17:45:27 0 dr-h----- C:\Documents and Settings\Gina\Recent

2008-06-25 22:09:20 0 d-------- C:\~ErdUserProfile.$$$

2008-06-25 17:07:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-25 17:07:32 0 d-------- C:\Program Files\SUPERAntiSpyware

2008-06-25 17:07:32 0 d-------- C:\Documents and Settings\Gina\Application Data\SUPERAntiSpyware.com

2008-06-25 17:06:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-25 16:37:02 0 d-------- C:\Program Files\Lavasoft

2008-06-25 16:37:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-25 05:12:29 0 d-------- C:\Documents and Settings\Gina\Application Data\.thinkingrock

2008-06-25 05:07:20 0 d-------- C:\Program Files\TR-2.0.1

2008-06-24 23:36:33 0 d-------- C:\WINDOWS\ERUNT

2008-06-24 22:26:29 0 d-------- C:\Program Files\Windows Live Safety Center

2008-06-24 17:22:13 0 d-------- C:\Program Files\CCleaner

2008-06-24 16:36:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan

2008-06-24 15:14:01 0 d-------- C:\Program Files\Avira

2008-06-24 15:14:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-24 14:47:18 663337 --ahs---- C:\WINDOWS\system32\NUEdKnmp.ini2

2008-06-24 13:59:11 1887534 ---hs---- C:\WINDOWS\system32\btiauhul.ini2

2008-06-24 13:29:38 0 d-------- C:\Documents and Settings\Gina\Application Data\Malwarebytes

2008-06-24 13:29:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-24 13:29:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-24 13:28:08 0 d-------- C:\Program Files\RogueRemover FREE

2008-06-24 10:19:02 578560 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; MicrosoftĂ WindowsĂ Operating System>

2008-06-24 10:19:02 0 d--h----- C:\ErdUndoCache

2008-06-19 09:41:07 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-06-19 09:41:07 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-06-19 09:38:03 43808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-06-19 09:38:03 4191520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-06-19 09:38:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-06-19 08:08:50 0 d-------- C:\Documents and Settings\Gina\Application Data\InstallShield

2008-06-19 07:36:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue

2008-06-19 07:34:00 0 d-------- C:\Documents and Settings\Gina\Application Data\HouseCall 6.6

2008-06-19 07:23:43 0 d-------- C:\Program Files\Trend Micro

2008-06-19 01:34:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy

2008-06-19 01:31:52 0 d-------- C:\Documents and Settings\Gina\Application Data\VSRevoGroup

2008-06-19 01:07:24 0 d-------- C:\Program Files\VS Revo Group

2008-06-19 00:54:22 0 d-------- C:\WINDOWS\Prefetch

2008-06-19 00:31:41 0 d-------- C:\WINDOWS\system32\scripting

2008-06-19 00:31:34 0 d-------- C:\WINDOWS\l2schemas

2008-06-19 00:31:33 0 d-------- C:\WINDOWS\system32\en

2008-06-18 20:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore

2008-06-18 20:23:59 0 d-------- C:\Program Files\AIM6

2008-06-14 18:00:37 0 d-------- C:\Documents and Settings\Gina\Application Data\Macromedia

2008-06-14 17:51:54 0 d-------- C:\Program Files\Common Files\Control Panels

2008-06-14 17:30:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2008-06-14 17:25:45 0 d-------- C:\WINDOWS\system32\Macromed

2008-06-14 17:21:51 0 d-------- C:\Program Files\Common Files\Macrovision Shared

2008-06-14 17:21:25 0 d-------- C:\Documents and Settings\Gina\Application Data\Adobe

2008-06-14 17:19:39 0 d-------- C:\Program Files\Common Files\Adobe

2008-06-13 16:48:03 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM

2008-06-13 15:49:33 0 d-------- C:\Program Files\Windows Installer Clean Up

2008-06-12 11:37:41 0 d-------- C:\Documents and Settings\Gina\Application Data\Amazon

2008-06-12 11:37:18 0 d-------- C:\Program Files\Amazon

2008-06-10 23:44:01 0 d-------- C:\Program Files\3ivx

2008-06-10 23:43:39 0 d-------- C:\Program Files\muvee Technologies

2008-06-10 23:43:39 0 d-------- C:\Program Files\Common Files\muvee Technologies

2008-06-10 10:07:11 210629 --a------ C:\WINDOWS\Screen Calipers Uninstaller.exe

2008-06-10 10:07:10 0 d-------- C:\Documents and Settings\Gina\Application Data\Iconico

2008-06-10 10:07:09 0 d-------- C:\Program Files\Screen Calipers 4.0

2008-06-09 15:21:15 0 d-------- C:\Documents and Settings\Gina\Application Data\OfficeUpdate12

2008-06-09 15:08:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-06-09 14:56:33 0 d-------- C:\Program Files\MSECache

2008-06-09 14:44:51 0 dr-h----- C:\Documents and Settings\Gina\Application Data\yahoo!

2008-06-09 14:11:32 0 d-------- C:\Program Files\MSBuild

2008-06-09 14:09:24 0 d-------- C:\Program Files\Microsoft.NET

2008-06-09 14:02:55 0 d-------- C:\Program Files\Microsoft Visual Studio 8

2008-06-09 14:00:14 0 dr-h----- C:\MSOCache

2008-06-09 13:36:42 0 d-------- C:\Program Files\Elaborate Bytes

2008-06-09 13:15:26 0 d-------- C:\Program Files\SlySoft

2008-06-09 09:36:49 0 d-------- C:\Documents and Settings\Gina\Application Data\WinRAR

2008-05-29 09:16:39 652 --a------ C:\WINDOWS\unins000.dat

2008-05-28 16:13:30 0 d-------- C:\Program Files\iTunes

2008-05-28 16:08:48 0 d-------- C:\Program Files\Apple Software Update

2008-05-28 16:08:37 0 d------c- C:\WINDOWS\system32\DRVSTORE

2008-05-28 16:08:12 0 d-------- C:\Program Files\Common Files\Apple

2008-05-28 16:08:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple





-- Find3M Report ---------------------------------------------------------------



2008-06-26 17:44:46 0 d-------- C:\Documents and Settings\Gina\Application Data\WTablet

2008-06-26 11:51:54 0 d-------- C:\Program Files\Microsoft AntiSpyware

2008-06-25 17:06:55 0 d-------- C:\Program Files\Common Files

2008-06-25 13:57:09 0 d-------- C:\Program Files\Starfield

2008-06-25 05:12:15 0 d-------- C:\Program Files\Java

2008-06-24 14:27:41 0 d-------- C:\Documents and Settings\Gina\Application Data\Uniblue

2008-06-24 13:19:21 0 d-------- C:\Documents and Settings\Gina\Application Data\LumaPix

2008-06-24 13:06:56 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-06-19 08:09:09 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-06-19 02:00:57 0 d-------- C:\Program Files\Messenger

2008-06-19 02:00:46 0 d-------- C:\Program Files\FileZilla

2008-06-19 02:00:41 0 d-------- C:\Program Files\Norton Password Manager

2008-06-19 02:00:39 0 d-------- C:\Program Files\Color Schemer Studio

2008-06-19 01:27:56 0 d-------- C:\Program Files\Real

2008-06-19 01:25:42 0 d-------- C:\Program Files\Common Files\Real

2008-06-19 01:24:26 0 d-------- C:\Documents and Settings\Gina\Application Data\Real

2008-06-19 01:08:32 256 --a------ C:\WINDOWS\system32\pool.bin

2008-06-19 00:31:32 0 d-------- C:\Program Files\Movie Maker

2008-06-19 00:25:21 0 d-------- C:\Program Files\Windows NT

2008-06-18 20:24:08 0 d-------- C:\Program Files\Common Files\AOL

2008-06-14 10:56:17 0 d-------- C:\Program Files\Common Files\Macromedia

2008-06-10 23:43:58 50 --a------ C:\AUTOEXEC.BAT

2008-06-09 14:34:35 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL

2008-05-29 09:16:39 72748 --a------ C:\WINDOWS\unins000.exe <Not Verified; Jordan Russell; >

2008-05-29 00:26:02 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>

2008-05-28 16:13:46 0 d-------- C:\Program Files\iPod

2008-05-28 16:12:37 0 d-------- C:\Program Files\Bonjour

2008-05-28 16:11:36 0 d-------- C:\Program Files\QuickTime





-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [05/28/2008 06:40 AM]

"wben"="C:\Program Files\Starfield\Desktop Notifier\wben.exe" [11/06/2007 02:12 PM]

"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/12/2008 12:47 PM]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]



C:\Documents and Settings\Gina\Start Menu\Programs\Startup\

Desktop Notifier.lnk - C:\Documents and Settings\Gina\Application Data\Microsoft\Installer\{51592ABE-532F-4E96-8AE3-97A5AA0FB5D2}\_9ACCDA525420C05DB5CAFD.exe [6/9/2008 1:50:27 PM]

DESKTOP.INI [6/25/2008 6:23:05 AM]

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

OneNote Table Of Contents.onetoc2 [6/25/2008 6:29:48 AM]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]

DESKTOP.INI [9/3/2002 11:36:04 AM]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6]

"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs eaphost

dot3svc dot3svc



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

napagent

hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f629e956-13cd-11dc-be41-000d56c63096}]

AutoRun\command- G:\system\viewer\FlipVideoforPC.exe

Flip Video for PC\command- G:\system\viewer\FlipVideoforPC.exe

-- End of Deckard's System Scanner: finished at 2008-06-26 17:54:43 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Microsoft Windows XP Professional (build 2600) SP 3.0

Architecture: X86; Language: English



CPU 0: Intel« Xeon™ CPU 3.06GHz

CPU 1: Intel« Xeon™ CPU 3.06GHz

Percentage of Memory in Use: 42%

Physical Memory (total/avail): 1023 MiB / 591.57 MiB

Pagefile Memory (total/avail): 2463.66 MiB / 2151.47 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1827.04 MiB



A: is Removable (No Media)

C: is Fixed (NTFS) - 111.73 GiB total, 65.28 GiB free.

D: is CDROM (No Media)

E: is CDROM (No Media)

F: is CDROM (No Media)

G: is Removable (FAT)

H: is Fixed (NTFS) - 465.75 GiB total, 442.01 GiB free.



\\.\PHYSICALDRIVE0 - Maxtor 6Y120P0 - 111.76 GiB - 2 partitions

\PARTITION0 - Unknown - 31.35 MiB

\PARTITION1 (bootable) - Installable File System - 111.73 GiB - C:



\\.\PHYSICALDRIVE1 - SanDisk OEM USB Device - 243.17 MiB - 1 partition

\PARTITION0 - MS-DOS V4 Huge - 244.7 MiB - G:



\\.\PHYSICALDRIVE2 - WD 5000AAV External USB Device - 465.76 GiB - 1 partition

\PARTITION0 - Installable File System - 465.75 GiB - H:







-- Security Center -------------------------------------------------------------



AUOptions is scheduled to auto-install.





-- Environment Variables -------------------------------------------------------



ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Gina\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=GINA

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Gina

LOGONSERVER=\\GINA

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0205

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Gina\LOCALS~1\Temp

TMP=C:\DOCUME~1\Gina\LOCALS~1\Temp

USERDOMAIN=GINA

USERNAME=Gina

USERPROFILE=C:\Documents and Settings\Gina

windir=C:\WINDOWS





-- User Profiles ---------------------------------------------------------------



Gina (admin)

Administrator (admin)





-- Add/Remove Programs ---------------------------------------------------------



--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}

--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}

--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}

--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}

--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

3ivx MPEG-4 5.0.1 Decoder (remove only) --> "C:\Program Files\3ivx\3ivx MPEG-4 5.0.1 Decoder\uninstall.exe"

Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe

Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}

Adobe After Effects CS3 Third Party Content --> C:\Program Files\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe

Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}

Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}

Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}

Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}

Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}

Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

AIM 6 --> C:\Program Files\AIM6\uninst.exe

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{0725C68F-FD3A-4476-BDA0-C002C7FE307C}

BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{0725C68F-FD3A-4476-BDA0-C002C7FE307C}

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini

Canon MP530 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

Color Schemer Studio --> "C:\Program Files\Color Schemer Studio\unins000.exe"

Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 --> MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}

Craft ROBO Controller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97D52BC9-D904-413F-A0F7-E3EE4C95B623}\setup.exe" -l0x9 -uninst -removeonly

Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}

Desktop Notifier --> MsiExec.exe /I{51592ABE-532F-4E96-8AE3-97A5AA0FB5D2}

DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}

Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}

FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Icon Restore 1.0 --> C:\WINDOWS\unins000.exe

Intel® PRO Ethernet Adapter and Software --> Prounstl.exe

Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}

Intel® Pro Alerting Agent, Version 3.2.0 --> MsiExec.exe /I{66B4F24C-BE5D-423A-B56B-4013481F6801}

Intel® PRO Network Adapters WMI Provider (2.0) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C701994-43D2-4B7B-A548-C6E6C224D9A9}\setup.exe"

iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}

Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"

Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

MixMeister BPM Analyzer 1.0 --> "C:\Program Files\MixMeister BPM Analyzer\unins000.exe"

Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}

muvee Plugin 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}\setup.exe" -l0x9

Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"

Norton Password Manager --> MsiExec.exe /I{8315D4B0-9BF2-4D63-8654-74B89D288D6E}

Norton Password Manager (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{8315D4B0-9BF2-4D63-8654-74B89D288D6E}.exe /X

NPM_DRM_COLLECTION --> MsiExec.exe /I{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}

NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdw.inf

PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Pen Tablet --> C:\Program Files\Tablet\Pen\Remove.exe /u

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

ROBO Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DADD543C-4CD9-4F1C-AE2F-7048970BABA6}\setup.exe" -l0x9 -uninst -removeonly

Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}

Screen Calipers --> C:\WINDOWS\Screen Calipers Uninstaller.exe

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}

Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

SWiSH Jukebox --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Jukebox\uninstal.log

SWiSH Max2 --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Max2\uninstal.log

The Font Thing --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher\The Font Thing\DeIsL1.isu" -c"C:\Program Files\Fisher\The Font Thing\_ISREG32.DLL"

ThinkingRock-2.0.1 --> "C:\Program Files\TR-2.0.1\uninstall.exe"

Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}

USB MassStorage CardReader --> C:\Program Files\Kodak\040a_5005\Remove.exe

Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"

Web-Based Email Tools --> MsiExec.exe /I{FC0F1F55-DB40-462C-9B2E-ABFF2187C147}

WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe

Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}

Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe





-- Application Event Log -------------------------------------------------------



Event Record #/Type41887 / Error

Event Submitted/Written: 06/26/2008 05:54:38 PM

Event ID/Source: 101 / Automatic LiveUpdate Scheduler

Event Description:

Information Level: error

Internet connection not detected.



Event Record #/Type41885 / Error

Event Submitted/Written: 06/26/2008 05:49:38 PM

Event ID/Source: 101 / Automatic LiveUpdate Scheduler

Event Description:

Information Level: error

Internet connection not detected.



Event Record #/Type41871 / Error

Event Submitted/Written: 06/26/2008 05:38:52 PM

Event ID/Source: 101 / Automatic LiveUpdate Scheduler

Event Description:

Information Level: error

Internet connection not detected.



Event Record #/Type41869 / Error

Event Submitted/Written: 06/26/2008 05:33:50 PM / 06/26/2008 05:33:51 PM

Event ID/Source: 101 / Automatic LiveUpdate Scheduler

Event Description:

Information Level: error

Internet connection not detected.



Event Record #/Type41867 / Error

Event Submitted/Written: 06/26/2008 05:28:49 PM

Event ID/Source: 101 / Automatic LiveUpdate Scheduler

Event Description:

Information Level: error

Internet connection not detected.







-- Security Event Log ----------------------------------------------------------



No Errors/Warnings found.





-- System Event Log ------------------------------------------------------------



Event Record #/Type54588 / Error

Event Submitted/Written: 06/26/2008 05:44:45 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The MCSTRM service failed to start due to the following error:

%%2



Event Record #/Type54587 / Error

Event Submitted/Written: 06/26/2008 05:44:45 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The Adobe LM Service service failed to start due to the following error:

%%3



Event Record #/Type54586 / Error

Event Submitted/Written: 06/26/2008 05:44:45 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The Comroeacopk service failed to start due to the following error:

%%2



Event Record #/Type54584 / Warning

Event Submitted/Written: 06/26/2008 05:44:38 PM

Event ID/Source: 2511 / Server

Event Description:

The server service was unable to recreate the share Bradley because the directory C:\Documents and Settings\Bradley no longer exists. Please run "net share Bradley /delete" to delete the share, or recreate the directory C:\Documents and Settings\Bradley.



Event Record #/Type54555 / Error

Event Submitted/Written: 06/26/2008 00:18:34 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The MCSTRM service failed to start due to the following error:

%%2







-- End of Deckard's System Scanner: finished at 2008-06-26 17:54:43 ------------





Avira AntiVir Personal

Report file date: Wednesday, June 25, 2008 23:48



Scanning for 1358316 virus strains and unwanted programs.



Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: GINA



Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 19:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 18:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 18:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 18:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 20:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 23:31:39

ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 6/24/2008 23:31:40

ANTIVIR3.VDF : 7.0.5.3 2048 Bytes 6/24/2008 23:31:40

Engineversion : 8.1.0.59

AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 19:58:21

AESCRIPT.DLL : 8.1.0.44 278907 Bytes 6/24/2008 23:34:38

AESCN.DLL : 8.1.0.22 119157 Bytes 6/24/2008 23:34:27

AERDL.DLL : 8.1.0.20 418165 Bytes 6/24/2008 23:34:21

AEPACK.DLL : 8.1.1.6 364918 Bytes 6/24/2008 23:34:02

AEOFFICE.DLL : 8.1.0.20 192891 Bytes 6/24/2008 23:33:41

AEHEUR.DLL : 8.1.0.32 1274231 Bytes 6/24/2008 23:33:33

AEHELP.DLL : 8.1.0.15 115063 Bytes 6/24/2008 23:32:25

AEGEN.DLL : 8.1.0.29 307573 Bytes 6/24/2008 23:32:17

AEEMU.DLL : 8.1.0.6 430451 Bytes 6/24/2008 23:31:58

AECORE.DLL : 8.1.0.31 168310 Bytes 6/24/2008 23:31:47

AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 03:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 20:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 23:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 03:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 18:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 18:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 03:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 03:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 22:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/11/2008 00:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 22:02:11



Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, H:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium



Start of the scan: Wednesday, June 25, 2008 23:48



The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'mbam.exe' - '1' Module(s) have been scanned

Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned

Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned

Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned

Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ASFAgent.exe' - '1' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned

Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'Crypserv.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

39 processes with 39 modules were scanned



Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!



Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'H:\'

[INFO] No virus was found!



Starting to scan the registry.

The registry was scanned ( '21' files ).





Starting the file scan:



Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

[WARNING] The file could not be opened!

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll

[WARNING] The file could not be opened!

Begin scan in 'H:\' <500Gig HD>





End of the scan: Thursday, June 26, 2008 03:22

Used time: 3:34:07 min



The scan has been done completely.



17691 Scanning directories

662080 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

4 Files cannot be scanned

662080 Files not concerned

7410 Archives were scanned

4 Warnings

0 Notes

Edited by boogieg, 26 June 2008 - 11:08 PM.




#2 teacup61 (Malware Response Team)

Posted 19 July 2008 - 03:35 PM

Hello Gina,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61 (Malware Response Team)

Posted 07 August 2008 - 07:27 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



