Infected With Win32 Virut



#1 JOSE1616


Posted 14 July 2008 - 05:07 AM

MY COMPUTER GETS REALLY SLOW SOMETIMES.
IT SHOWS THAT IT'S INFECTED WITH A VIRUS...
SOMETIMES A BLUE SCREEN POPS UP...
LOTS OF SYSTEM32 ERRORS..

Deckard's System Scanner v20071014.68
Run by DJ SHADOW on 2008-07-14 02:41:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-14 09:41:21 UTC - RP3 - Deckard's System Scanner Restore Point
1: 2008-07-13 05:41:11 UTC - RP2 - Unsigned driver install


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-14 02:42:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zumie\zumie.exe
C:\Documents and Settings\All Users\Application Data\cfqdodgx\ylmbuxyh.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Uninstall Information\eadib.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\lphc3lpj0e90p.exe
C:\Program Files\rhc7lpj0e90p\rhc7lpj0e90p.exe
C:\WINDOWS\inf\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\pphc3lpj0e90p.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Speeditup Free\SpeedItUp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Speeditup Free\Data\CheckUp.dat
C:\Program Files\LimeWire3\LimeWire.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\DJ SHADOW\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [aseadi] c:\program files\uninstall information\eadib.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [mscdti] C:\WINDOWS\cdti.exe /nosrv
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [lphc3lpj0e90p] C:\WINDOWS\system32\lphc3lpj0e90p.exe
O4 - HKLM\..\Run: [SMrhc7lpj0e90p] C:\Program Files\rhc7lpj0e90p\rhc7lpj0e90p.exe
O4 - HKLM\..\Run: [SMshc5lpj0e90p] C:\Program Files\shc5lpj0e90p\shc5lpj0e90p.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
O4 - HKCU\..\Run: [EDRestore] C:\Program Files\Easy Desk Utilities\Set Point\Setpoint.exe Check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [qpwOkqsvzU] C:\Documents and Settings\All Users\Application Data\cfqdodgx\ylmbuxyh.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: RAMASST.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gensrv - {6AE9B447-CF2D-4137-C62B-008DC2FFD101} - C:\Program Files\lzjeclb\gensrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cfm - Unknown owner - C:\WINDOWS\system32\cfmom.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe


--
End of file - 12286 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.reg - regfile - shell\open\command - "regedit.exe" "%1"
.txt - txtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.7.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.7.0>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 a8djavs - c:\windows\system32\drivers\a8djavs.sys <Not Verified; Native Instruments GmbH; Audio 8 DJ>
S3 a8djusb - c:\windows\system32\drivers\a8djusb.sys <Not Verified; Native Instruments GmbH; Audio 8 DJ>
S3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
S3 Jukebox3 - c:\windows\system32\drivers\ctpdusb.sys (file missing)
S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 IISADMIN (IIS Admin) - c:\windows\system32\inetsrv\inetinfo.exe <Not Verified; Microsoft Corporation; Internet Information Services>
R2 MSMQ (Message Queuing) - c:\windows\system32\mqsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
R2 SimpTcp (Simple TCP/IP Services) - c:\windows\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SMTPSVC (Simple Mail Transfer Protocol (SMTP)) - c:\windows\system32\inetsrv\inetinfo.exe <Not Verified; Microsoft Corporation; Internet Information Services>
R2 SNMP (SNMP Service) - c:\windows\system32\snmp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 Zumie Search Service - "c:\program files\zumie\zumie.exe" "c:\program files\zumie\zumie.dll" service <Not Verified; Zumie.com; Zumie Search>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 cfm - c:\windows\system32\cfmom.exe
S2 PowerManager (Power Manager) - c:\windows\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 LPDSVC (TCP/IP Print Server) - c:\windows\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_FF101179&REV_03\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_FF101179&REV_03\3&B1BFB68&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_FF101179&REV_03\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_FF101179&REV_03\3&B1BFB68&0&11
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_FF101179&REV_02\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_FF101179&REV_02\3&B1BFB68&0&FB
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SoundTap Recorder
Device ID: ROOT\MEDIA\0000
Manufacturer: NCH Software
Name: SoundTap Recorder
PNP Device ID: ROOT\MEDIA\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 09:08:25 386 --a------ C:\WINDOWS\Tasks\rpc.job
2008-06-05 19:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-12 18:36:38 0 d-------- C:\WINDOWS\Prefetch
2008-07-12 16:58:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-12 15:28:15 1409024 --a------ C:\WINDOWS\system32\gpedits.exe
2008-07-12 15:28:10 63488 --a------ C:\WINDOWS\system32\ftps.exe
2008-07-12 15:28:10 10 --a------ C:\WINDOWS\system32\ciadvss.exe
2008-07-12 15:28:10 7680 --a------ C:\WINDOWS\system32\chkdskss.exe
2008-07-12 13:22:20 0 d-------- C:\Documents and Settings\SHADOW\Application Data\rhc7lpj0e90p
2008-07-12 13:22:09 0 d-------- C:\Documents and Settings\SHADOW\Application Data\shc5lpj0e90p
2008-07-12 13:21:36 109056 --a------ C:\WINDOWS\system32\refudaxs.exe
2008-07-12 12:46:52 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\shc5lpj0e90p
2008-07-12 12:45:58 0 d-------- C:\Program Files\shc5lpj0e90p
2008-07-11 18:10:00 0 d-------- C:\Program Files\lzjeclb
2008-07-11 18:09:53 94208 --a------ C:\WINDOWS\system32\pphc3lpj0e90p.exe
2008-07-11 18:09:53 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\rhc7lpj0e90p
2008-07-11 18:09:15 0 d-------- C:\Program Files\rhc7lpj0e90p
2008-07-11 18:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\cfqdodgx
2008-07-11 18:08:56 73216 --a------ C:\WINDOWS\system32\blphc3lpj0e90p.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-11 18:08:54 185856 --a------ C:\WINDOWS\system32\lphc3lpj0e90p.exe
2008-07-11 18:08:45 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\uTorrent
2008-07-11 18:08:38 0 d-------- C:\Program Files\uTorrent
2008-07-11 18:08:17 385024 --a------ C:\WINDOWS\system32\WinNB55.dll <Not Verified; ; MBar AFF ATD IESC TID>
2008-07-11 00:14:23 0 d--hs---- C:\found.000
2008-07-08 00:34:29 139 --a------ C:\WINDOWS\system32\Monitored3.dat
2008-07-08 00:26:58 0 d------c- C:\b4a17d60882590a5bbda569cf5
2008-07-06 06:53:50 0 --a----c- C:\_show_voltage
2008-07-04 05:08:13 0 d-------- C:\Program Files\Belarc
2008-07-04 04:02:49 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-04 03:31:42 0 d-------- C:\Program Files\Digital Locker Assistant
2008-07-04 03:07:55 0 d------c- C:\1fb440d6cd37cb23e4d1744d2da94a7a
2008-07-04 03:04:33 6463488 --a------ C:\Documents and Settings\DJ SHADOW\ntuser.dat
2008-06-28 02:58:19 0 d-------- C:\WINDOWS\system32\pirated.fixed - new <PIRATE~1.FIX>
2008-06-28 02:56:05 0 d-------- C:\Documents and Settings\DJ SHADOW\pirated.fixed - new <PIRATE~1.FIX>
2008-06-28 02:55:46 218 --a------ C:\WINDOWS\system32\Monitored1.dat
2008-06-28 02:55:33 10 --a------ C:\WINDOWS\system32\ciadvs.exe
2008-06-28 02:55:30 7680 --a------ C:\WINDOWS\system32\chkdsks.exe
2008-06-28 02:50:20 14572 --a------ C:\WINDOWS\system32\drivers\PFC.SYS <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-06-28 02:50:20 29156 --a------ C:\WINDOWS\system32\drivers\DVDAccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
2008-06-28 02:50:20 0 d-------- C:\Program Files\Apple Computer
2008-06-28 01:44:49 0 d-------- C:\WINDOWS\system32\DLA
2008-06-28 01:44:47 0 d-------- C:\Program Files\Sonic
2008-06-28 01:38:51 0 d------c- C:\20a077920da90658c0
2008-06-28 01:23:23 0 d------c- C:\b8919742fa51491f93
2008-06-28 00:25:13 126976 --a------ C:\WINDOWS\system32\TODDSrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
2008-06-28 00:03:31 0 d-------- C:\Documents and Settings\SHADOW\Application Data\Mozilla
2008-06-28 00:03:11 0 d-------- C:\Documents and Settings\SHADOW\Application Data\Adobe
2008-06-28 00:02:54 0 d-------- C:\Documents and Settings\SHADOW\Application Data\MySpace
2008-06-28 00:02:48 0 d-------- C:\Documents and Settings\SHADOW\Application Data\Real
2008-06-28 00:02:25 0 d-------- C:\Documents and Settings\SHADOW\Application Data\Identities
2008-06-28 00:01:21 0 dr-h----- C:\Documents and Settings\SHADOW\SendTo
2008-06-28 00:01:21 0 dr-h----- C:\Documents and Settings\SHADOW\Recent
2008-06-28 00:01:21 0 d--h----- C:\Documents and Settings\SHADOW\PrintHood <PRINTH~1>
2008-06-28 00:01:21 0 d--h----- C:\Documents and Settings\SHADOW\NetHood
2008-06-28 00:01:21 0 dr------- C:\Documents and Settings\SHADOW\My Documents <MYDOCU~1>
2008-06-28 00:01:21 0 d--h----- C:\Documents and Settings\SHADOW\Local Settings <LOCALS~1>
2008-06-28 00:01:21 0 dr------- C:\Documents and Settings\SHADOW\Favorites <FAVORI~1>
2008-06-28 00:01:21 0 d-------- C:\Documents and Settings\SHADOW\Desktop
2008-06-28 00:01:21 0 d---s---- C:\Documents and Settings\SHADOW\Cookies
2008-06-28 00:01:21 0 dr-h----- C:\Documents and Settings\SHADOW\Application Data <APPLIC~1>
2008-06-28 00:01:21 0 d---s---- C:\Documents and Settings\SHADOW\Application Data\Microsoft
2008-06-28 00:01:20 0 d--h----- C:\Documents and Settings\SHADOW\Templates <TEMPLA~1>
2008-06-28 00:01:20 0 dr------- C:\Documents and Settings\SHADOW\Start Menu <STARTM~1>
2008-06-28 00:01:20 786432 --ah----- C:\Documents and Settings\SHADOW\ntuser.dat
2008-06-27 23:52:41 0 d-------- C:\WINDOWS\system32\FxsTmp
2008-06-27 22:35:49 125952 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 22:35:39 260608 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 22:35:38 387584 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 22:35:37 549888 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 22:35:37 451584 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-27 22:06:03 0 d-------- C:\WINDOWS\setup.pss
2008-06-25 11:27:55 0 d-------- C:\Program Files\Paragon Software
2008-06-25 07:54:05 0 d-------- C:\i386
2008-06-25 07:38:46 0 d-------- C:\Utilities.temp
2008-06-25 07:20:28 0 d-------- C:\WINDOWS\system32\28463
2008-06-25 07:20:28 0 d-------- C:\Program Files\VVSN
2008-06-25 07:20:28 0 d-------- C:\Program Files\ShoppingReport
2008-06-25 07:20:28 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\ShoppingReport
2008-06-25 07:17:31 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-06-25 07:17:30 0 d-------- C:\WINDOWS\system32\Cache
2008-06-25 07:17:05 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\Help
2008-06-25 07:17:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-25 07:17:00 0 d-------- C:\WINDOWS\Speeditup Free
2008-06-25 07:16:54 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 07:01:13 0 d-------- C:\Program Files\Winferno
2008-06-25 06:24:39 0 d-------- C:\PC Diagnostic.temp
2008-06-25 06:18:09 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-25 06:17:54 0 d-------- C:\Program Files\McAfee.com
2008-06-25 06:17:19 0 d-------- C:\McAfee.temp
2008-06-25 06:08:42 0 d-------- C:\Config Free.temp
2008-06-25 06:07:50 0 d-------- C:\DLA Writing.temp
2008-06-25 05:06:57 0 d-------- C:\Intel Proset.temp
2008-06-25 04:54:21 0 d-------- C:\Program Files\Intel
2008-06-25 04:54:10 0 d-------- C:\Intel Chipset.temp
2008-06-25 04:50:10 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-06-25 04:50:08 0 d-------- C:\Program Files\Driver Magician
2008-06-25 04:31:31 0 d-------- C:\RDC for Express.temp
2008-06-25 04:27:12 0 d-------- C:\OneNote2003SP1.temp
2008-06-25 03:46:22 0 d-------- C:\Program Files\YEAH MTP
2008-06-25 03:01:04 0 d-------- C:\Program Files\DiskInternals
2008-06-25 02:28:47 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\Handy Address Book
2008-06-25 02:28:42 0 d-------- C:\Program Files\Handy Address Book
2008-06-25 02:24:09 0 d-------- C:\Program Files\Delicious Address Book
2008-06-25 02:24:09 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\Angelic Software
2008-06-24 15:37:39 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\ShoppingReport(2)
2008-06-17 08:49:24 510 --a------ C:\WINDOWS\system32\xtupdate.dat
2008-06-17 08:49:24 259584 --a------ C:\WINDOWS\system32\xtbaksm.dat
2008-06-17 08:43:22 73728 --a------ C:\WINDOWS\system32\smh.dat <Not Verified; SuperLogix; SuperMenuHook>
2008-06-17 08:42:56 0 d-------- C:\Program Files\XP Tools
2008-06-17 08:35:33 0 d-------- C:\Program Files\Elaborate Bytes
2008-06-17 08:34:53 0 d-------- C:\Program Files\Power Sound Editor Free
2008-06-16 12:08:45 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-16 12:08:39 0 d-------- C:\Program Files\afreeCodecVT
2008-06-16 10:46:04 0 dr------- C:\Documents and Settings\NetworkService\Favorites <FAVORI~1>
2008-06-16 10:46:00 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-06-16 10:22:00 0 d-------- C:\Program Files\PCHealthCenter
2008-06-16 08:49:05 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-06-16 04:13:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-06-16 03:37:50 71680 --a------ C:\WINDOWS\system32\ipseccmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 03:37:09 122880 --a------ C:\WINDOWS\system32\dnscmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 03:29:35 44032 --a------ C:\WINDOWS\system32\snmp(4)(2).exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 03:29:32 279040 --a------ C:\WINDOWS\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 03:29:31 306688 --a------ C:\WINDOWS\system32\fxscover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 02:48:06 167936 --a------ C:\WINDOWS\system32\RAMASST.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
2008-06-16 02:48:06 122880 --a------ C:\WINDOWS\system32\DVDRAMSV.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
2008-06-16 02:48:06 135168 --a------ C:\WINDOWS\system32\DVDMenu.dll <Not Verified; Matsushita Electric Industrial Co., Ltd.; DVDMenu.dll>
2008-06-16 02:48:06 102384 --a------ C:\WINDOWS\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
2008-06-16 02:48:06 0 d-------- C:\Program Files\DVD-RAM
2008-06-16 02:47:13 0 d-------- C:\DVD Ram.temp
2008-06-16 02:00:05 0 d-------- C:\TOSHIBA
2008-06-16 01:59:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-06-16 01:57:42 0 d-------- C:\AcousticSilencer.temp
2008-06-16 01:54:11 31 --a------ C:\WINDOWS\system32\win22dcd201121.dll
2008-06-16 01:54:00 45 --a------ C:\WINDOWS\system32\DVDCD.dll
2008-06-16 01:53:52 0 d-------- C:\Program Files\Abdio
2008-06-16 01:47:29 0 d-------- C:\Program Files\BackgroundCMD
2008-06-16 01:45:30 0 d-------- C:\Program Files\Speeditup Free
2008-06-16 01:45:27 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-06-16 01:45:26 495616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL <Not Verified; Capital Intellect Inc; WINUTIL5>
2008-06-16 01:45:26 393216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL <Not Verified; Capital Intellect Inc; WINLCTL5>
2008-06-16 01:44:51 0 d-------- C:\Program Files\Zumie
2008-06-16 01:44:41 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-06-16 01:26:10 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\JP Software
2008-06-16 01:12:12 0 d-------- C:\Program Files\WinOne
2008-06-16 01:12:07 69632 --a------ C:\WINDOWS\system32\wocmx.exe
2008-06-16 01:12:07 77824 --a------ C:\WINDOWS\system32\wocmx.dll
2008-06-16 00:38:22 0 d-------- C:\WINDOWS\system32\msmq
2008-06-16 00:38:21 0 d-------- C:\Inetpub


-- Find3M Report ---------------------------------------------------------------

2008-07-14 02:09:59 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\LimeWire
2008-07-13 18:02:35 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-13 16:04:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-12 18:28:28 0 d-------- C:\Program Files\Movie Maker
2008-07-12 18:26:42 25508 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-12 18:25:29 0 d-------- C:\Program Files\Windows NT
2008-07-12 17:01:39 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-07-12 13:19:24 0 d-------- C:\Program Files\Java
2008-07-10 10:05:01 0 d-------- C:\Program Files\Spyware Doctor
2008-07-10 10:05:00 0 d-------- C:\Program Files\Bonjour
2008-07-10 10:02:55 0 d-------- C:\Program Files\Acoustica MP3 CD Burner
2008-07-07 15:51:42 0 d-------- C:\Program Files\Ares
2008-07-04 13:14:44 0 d-------- C:\Program Files\VstPlugins
2008-06-28 02:50:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 00:24:52 0 d-------- C:\Program Files\TOSHIBA
2008-06-25 07:20:11 0 d-------- C:\Program Files\Creative
2008-06-25 07:20:10 0 d-------- C:\Program Files\Common Files
2008-06-25 07:16:49 0 d-------- C:\Program Files\Passcape
2008-06-25 07:16:48 0 d-------- C:\Program Files\DVDVideoSoft
2008-06-25 07:16:47 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-25 07:16:45 0 d-------- C:\Program Files\Arturia
2008-06-25 07:08:57 0 d-------- C:\Program Files\Winamp
2008-06-25 07:08:20 0 d-------- C:\Program Files\LimeWire3
2008-06-25 07:00:18 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-25 06:07:38 0 d-------- C:\Program Files\Atheros
2008-06-24 15:27:55 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-16 04:57:00 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 22:24:30 111616 --a------ C:\WINDOWS\csrss.exe
2008-06-08 06:49:55 0 d-------- C:\Program Files\AdmixDJ 2
2008-06-08 06:49:46 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\admixdj
2008-06-08 06:33:31 0 d-------- C:\Program Files\SpacialAudio
2008-06-08 06:21:09 0 d-------- C:\Program Files\XYLIO
2008-06-08 04:39:54 0 d-------- C:\Program Files\Native Instruments
2008-06-08 02:43:36 0 d-------- C:\Program Files\MyXOFT
2008-06-05 23:47:20 0 d-------- C:\Program Files\VirtualDJ
2008-06-05 23:32:09 0 d-------- C:\Program Files\VIRTUALDJ 5
2008-05-30 00:32:49 0 d-------- C:\Program Files\@stake
2008-05-26 12:14:55 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\Creative
2008-05-26 10:54:40 0 d--h----- C:\Program Files\Creative Installation Information
2008-05-26 10:52:56 0 d-------- C:\Program Files\Common Files\Creative
2008-05-26 03:11:39 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 02:41:32 0 d-------- C:\Program Files\YouTube Downloader
2008-05-25 05:08:38 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\NCH Swift Sound
2008-05-24 23:16:59 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\NCH Software
2008-05-24 23:06:39 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\Anvil Studio
2008-05-24 19:45:33 782336 --a------ C:\WINDOWS\system32\WinUpdating.exe
2008-05-17 16:47:24 0 d-------- C:\Program Files\AVI Movie Player
2008-05-17 04:54:03 0 d-------- C:\Documents and Settings\DJ SHADOW\Application Data\Real
2008-05-17 04:49:09 1328 --a------ C:\WINDOWS\mozver.dat
2008-05-17 04:47:37 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-17 04:47:31 0 d-------- C:\Program Files\Common Files\Real
2008-05-17 04:46:59 0 d-------- C:\Program Files\Real
2008-05-17 04:45:06 0 d-------- C:\Program Files\RichFX
2008-05-16 17:11:26 34 --a------ C:\WINDOWS\Ya.com
2008-05-15 18:59:12 0 d-------- C:\Program Files\Image-Line
2008-05-15 18:59:01 0 d-------- C:\Program Files\ASIO4ALL v2
2008-05-15 18:57:16 0 d-------- C:\Program Files\Outsim
2008-05-15 17:55:35 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-05-15 17:41:08 0 d-------- C:\Program Files\Acoustica Mixcraft 3
2008-05-15 17:40:48 0 d-------- C:\Program Files\VST
2008-05-15 17:36:51 4922976 -rahs---- C:\WINDOWS\himem.exe <Not Verified; himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem hime; himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem himem>
2008-05-12 14:26:53 3400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-05-12 13:03:52 626688 --a------ C:\WINDOWS\system32\dfxg11.dll
2008-05-11 13:51:49 0 --ah----- C:\Program Files\Common Files\MSN
2008-05-11 13:33:40 785 --a------ C:\WINDOWS\Tpkdboot.reg
2008-05-11 13:33:40 634880 --a------ C:\WINDOWS\system32\ilinet.dll <Not Verified; PACE Anti-Piracy; InterLok>
2008-04-25 22:58:48 12896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-04-25 04:41:42 5776 --a------ C:\WINDOWS\ upd.dll
2008-04-24 23:39:12 967372 --a------ C:\WINDOWS\windows-xp-home-serial keygen.exe
2008-04-24 23:39:12 974272 --a------ C:\WINDOWS\ultra-WMV-MPEG-AVI-to-FLV-Converter keygen.exe
2008-04-24 23:39:12 1010672 --a------ C:\WINDOWS\Resident Evil 4 keygen.exe
2008-04-24 23:39:12 964672 --a------ C:\WINDOWS\rail-simulator keygen.exe
2008-04-24 23:39:12 992972 --a------ C:\WINDOWS\docX keygen.exe
2008-04-24 23:39:12 959272 --a------ C:\WINDOWS\cyberlink keygen.exe
2008-04-24 23:39:12 976772 --a------ C:\WINDOWS\bulletproof keygen.exe
2008-04-24 23:39:12 998272 --a------ C:\WINDOWS\batch keygen.exe
2008-04-24 23:39:12 993072 --a------ C:\WINDOWS\avex-dvd keygen.exe
2008-04-24 23:39:12 962872 --a------ C:\WINDOWS\adobe-light-room keygen.exe
2008-04-24 23:37:33 1027072 --a------ C:\WINDOWS\cdti.exe
2008-04-24 23:37:33 950272 --a------ C:\WINDOWS\ rpl.exe
2008-04-24 23:37:33 467968 --a------ C:\WINDOWS\ IEXPLORE.EXE
2008-04-24 23:33:30 961536 --a------ C:\WINDOWS\system32\cfmom.exe
2008-04-24 16:06:50 62 ---hs---- C:\Documents and Settings\DJ SHADOW\Application Data\desktop.ini
2008-04-21 04:55:34 368640 --a------ C:\WINDOWS\RtlUpd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update and remove driver Tool>
2008-04-21 04:55:34 2154496 --a------ C:\WINDOWS\MicCal.exe <Not Verified; Realtek Semiconductor Corp.; Realtek Audio Microphone Calibration>
2008-04-21 04:55:31 147456 --a------ C:\WINDOWS\ALCMTR.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek AC97 Audio - Event Monitor>
2008-04-21 00:04:00 474112 --a------ C:\WINDOWS\system32\shlwapi(2)(2)(2).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 00:04:00 1494528 --a------ C:\WINDOWS\system32\shdocvw(2)(3).dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
02/06/2008 05:13 AM 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7ADF7C1-14FB-4110-B2DF-187884CAC12A}]
05/15/2008 04:18 PM 1920120 --a------ C:\Program Files\Freeze.com Toolbar\freeze_us.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 02:02 PM]
"TFncKy"="TFncKy.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 04:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"aseadi"="c:\program files\uninstall information\eadib.exe" [04/15/2007 09:50 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"@"="" []
"mscdti"="C:\WINDOWS\cdti.exe" [04/24/2008 11:37 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 01:48 PM]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/07/2006 01:10 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/17/2008 04:47 AM]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [03/17/2005 05:37 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [10/06/2005 05:20 AM]
"lphc3lpj0e90p"="C:\WINDOWS\system32\lphc3lpj0e90p.exe" [07/12/2008 01:21 PM]
"SMrhc7lpj0e90p"="C:\Program Files\rhc7lpj0e90p\rhc7lpj0e90p.exe" [07/11/2008 05:25 AM]
"SMshc5lpj0e90p"="C:\Program Files\shc5lpj0e90p\shc5lpj0e90p.exe" [07/10/2008 09:45 AM]
"RTHDCPL"="RTHDCPL.EXE" [12/09/2005 03:49 PM C:\WINDOWS\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [10/11/2005 01:33 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [04/21/2008 04:55 AM C:\WINDOWS\ALCMTR.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [02/20/2008 07:33 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/21/2008 03:34 PM]
"systems"="c:\windows\inf\svchost.exe" [04/15/2007 09:50 PM]
"EDRestore"="C:\Program Files\Easy Desk Utilities\Set Point\Setpoint.exe" [03/08/2006 07:19 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:07 PM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [04/12/2007 03:24 PM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 12:32 AM]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [06/09/2008 02:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [05/09/2006 09:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [6/28/2008 2:50:20 AM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [6/16/2008 2:48:06 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"qpwOkqsvzU"=C:\Documents and Settings\All Users\Application Data\cfqdodgx\ylmbuxyh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"NTSpool"=NTSpool.exe
"WinUpdating"=WinUpdating.exe
"Windows Printing Driver"=gpedits.exe
"NT Printing Services"=ftps.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gensrv"= {6AE9B447-CF2D-4137-C62B-008DC2FFD101} - C:\Program Files\lzjeclb\gensrv.dll [07/11/2008 06:10 PM 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0588764a-3a84-11dd-b816-001302b290fd}]
AutoRun\command- E:\sdwhqwgm.exe
explore\Command- E:\sdwhqwgm.exe
open\Command- E:\sdwhqwgm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bd5c38e-0ff5-11dd-b786-001302b290fd}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6237f008-2055-11dd-b7bc-001302b290fd}]
- E:\pmntqgvb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6237f01d-2055-11dd-b7bc-001302b290fd}]
- F:\khvyxabj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97db579c-0055-11dd-b76c-001302b290fd}]
- E:\ezdmyora.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0eac19c-134f-11dd-b793-001302b290fd}]
- E:\vqrsquvo.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 dl2.teenpassage.com


-- End of Deckard's System Scanner: finished at 2008-07-14 02:44:03 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2250 @ 1.73GHz
CPU 1: Genuine Intel® CPU T2250 @ 1.73GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1525.98 MiB / 720.6 MiB
Pagefile Memory (total/avail): 3425.12 MiB / 2676.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.56 MiB

C: is Fixed (NTFS) - 111.78 GiB total, 58.64 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1246GSX - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire3\\LimeWire.exe"="C:\\Program Files\\LimeWire3\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\DJ SHADOW\\Local Settings\\Temp\\usmt\\migwiz.exe"="C:\\Documents and Settings\\DJ SHADOW\\Local Settings\\Temp\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Disabled:Winamp"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DJ SHADOW\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJ-3B1144146A13
ComSpec=C:\WINDOWS\system32\cmd.exe
Driver=F:\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DJ SHADOW
LOGONSERVER=\\DJ-3B1144146A13
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~2.0_0\bin;C:\PROGRA~1\Java\JRE16~2.0_0\bin;C:\Program Files\Mozilla Firefox 3 Beta 5;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\WinOne;C:\PROGRAM FILES\COMMON FILES\ADOBE\AGL;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DJSHAD~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DJSHAD~1\LOCALS~1\Temp
USERDOMAIN=DJ-3B1144146A13
USERNAME=DJ SHADOW
USERPROFILE=C:\Documents and Settings\DJ SHADOW
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DJ SHADOW (admin)
SHADOW
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Abdio DVD CD Burner v6.2 (Trial version) --> C:\PROGRA~1\Abdio\ABDIOD~1\UNWISE.EXE C:\PROGRA~1\Abdio\ABDIOD~1\INSTALL.LOG
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~4\UNWISE.EXE C:\PROGRA~1\ACOUST~4\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040A.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 8.1.0 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
afreeCodecVT 1.1.52 --> C:\WINDOWS\iun6002.exe "C:\Program Files\afreeCodecVT\irunin.ini"
AntivirXP08 --> "C:\Program Files\rhc7lpj0e90p\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Atomix.Atomix MP3 v2.3 --> C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe
BackgroundCMD Shell Extension --> "C:\Program Files\BackgroundCMD\uninstall.exe"
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Creative Jukebox Driver --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\JB3DRV.LOG
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Customize My Folders --> C:\PROGRA~1\Camtech\CUSTOM~1\UNWISE.EXE C:\PROGRA~1\Camtech\CUSTOM~1\INSTALL.LOG
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DFX for Winamp --> "C:\Program Files\Winamp\uninstall_dfx.exe"
DJMixStation 2 feat. Virtual DJ --> C:\eJay\DJMIXS~1\UNWISE.EXE C:\eJay\DJMIXS~1\INSTALL.LOG
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD@ccess 2.0.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B34414C-14FB-11D6-A329-0050045C24B2}\Setup.exe" -l0x9
File-Saver --> "C:\Program Files\File-Saver\unins000.exe"
FL Studio 8 --> C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Free YouTube to Mp3 Converter version 3.1 --> "C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Freeze.com Toolbar --> regsvr32 /u /s "C:\Program Files\Freeze.com Toolbar\freeze_us.dll"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® PRO Network Connections Drivers --> Prounstl.exe
Inzomia Viewer 3.11 --> C:\Program Files\Inzomia Viewer\uninst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LADSPA_plugins-win-0.4.15 --> "C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
LimeWire PRO 4.17.3 --> "C:\Program Files\LimeWire3\uninstall.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
MixPad --> C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b5) --> C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MProtector --> "C:\Program Files\shc5lpj0e90p\uninstall.exe"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Native Instruments - Audio 8 DJ Driver --> C:\Program Files\Native Instruments\Audio 8 DJ Driver\uninst.exe Software\Native Instruments\Audio 8 DJ Driver\Setup
Native Instruments Traktor DJ Studio 3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Paragon Partition Manager 8.5 Special Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}\Setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Set Point by Easy Desk Software --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Easy Desk Utilities\Set Point\ST5UNST.LOG"
ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SoundTap Streaming Audio Recorder --> C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Speeditup Free 4.90 --> "C:\WINDOWS\Speeditup Free\uninstall.exe" "/U:C:\Program Files\Speeditup Free\irunin.xml"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Restore Control --> C:\PROGRA~1\Camtech\SYSTEM~1\UNWISE.EXE C:\PROGRA~1\Camtech\SYSTEM~1\INSTALL.LOG
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA Recovery Disc Creator --> MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Using System Restore --> C:\PROGRA~1\Camtech\USINGS~1\UNWISE.EXE C:\PROGRA~1\Camtech\USINGS~1\INSTALL.LOG
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WIDI Recognition System 2.7 --> C:\WINDOWS\UnGins.exe "C:\Program Files\WIDI\install.log"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
WinOne® --> C:\Program Files\WinOne\uninst.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zumie Search 1.0 build 140 --> C:\Program Files\Zumie\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4715 / Error
Event Submitted/Written: 07/14/2008 02:02:24 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wuauclt.exe, version 5.4.3790.2180, faulting module wuauclt.exe, version 5.4.3790.2180, fault address 0x0001d6cc.
Processing media-specific event for [wuauclt.exe!ws!]

Event Record #/Type4714 / Error
Event Submitted/Written: 07/14/2008 02:02:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wuauclt.exe, version 5.4.3790.2180, faulting module wuauclt.exe, version 5.4.3790.2180, fault address 0x0001d6cc.
Processing media-specific event for [wuauclt.exe!ws!]

Event Record #/Type4713 / Error
Event Submitted/Written: 07/14/2008 02:02:14 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wuauclt.exe, version 5.4.3790.2180, faulting module wuauclt.exe, version 5.4.3790.2180, fault address 0x0001d6cc.
Processing media-specific event for [wuauclt.exe!ws!]

Event Record #/Type4712 / Error
Event Submitted/Written: 07/14/2008 02:02:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wuauclt.exe, version 5.4.3790.2180, faulting module wuauclt.exe, version 5.4.3790.2180, fault address 0x0001d6cc.
Processing media-specific event for [wuauclt.exe!ws!]

Event Record #/Type4711 / Error
Event Submitted/Written: 07/14/2008 02:01:59 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wuauclt.exe, version 5.4.3790.2180, faulting module wuauclt.exe, version 5.4.3790.2180, fault address 0x0001d6cc.
Processing media-specific event for [wuauclt.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12962 / Error
Event Submitted/Written: 07/14/2008 02:38:04 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type12961 / Error
Event Submitted/Written: 07/14/2008 02:38:04 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type12960 / Error
Event Submitted/Written: 07/14/2008 02:38:04 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type12959 / Error
Event Submitted/Written: 07/14/2008 02:38:04 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type12958 / Error
Event Submitted/Written: 07/14/2008 02:38:04 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-07-14 02:44:03 ------------


#2 SNOWHITE


Posted 04 August 2008 - 08:06 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again when finished
Please post back both logs that open in Notepad:
main.txt and extra.txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with the DSS reports main.txt and extra.txt, and the Kaspersky report.

Regards
SNOWHITE

#3 SNOWHITE


Posted 10 August 2008 - 12:21 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE