
Infected With Adware


1 reply to this topic

#1 Mike213


Posted 21 July 2008 - 11:49 AM

I read through the topic about what you are supposed to do before posting. The main reason I didn't use the Kaspersky online scanner is because I have used the Nod32/Uniblue scanner a couple of times and found the same file, even when I use the File Shredder to delete it and restart. The filename is (fccdcAQI.dll), and it's located in my system32. I just wanted to make sure before I took it out of the log, and also make sure there's no more! This adware makes my computer run so slow, it's ridiculous how much faster it was before I got this infection. Anyway, here are my computer specs and my logs. Thank you for the help in advance, I'm glad there are websites like this to help idiots like me ;)

Windows XP
AMD Athlon 64 Processor 3200+, 2.0GHz
2496 MB RAM
Nvidia geforce 6150

/Deckard's System Scanner v20071014.68
Run by euser on 2003-07-21 09:24:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
57: 2003-07-21 16:25:07 UTC - RP714 - Deckard's System Scanner Restore Point
56: 2003-07-20 18:28:23 UTC - RP713 - System Checkpoint
55: 2003-07-19 17:52:21 UTC - RP712 - System Checkpoint
54: 2003-07-18 17:28:18 UTC - RP711 - System Checkpoint
53: 2003-07-17 16:29:29 UTC - RP710 - System Checkpoint


-- First Restore Point --
1: 2008-06-02 08:29:52 UTC - RP658 - Removed AutoCAD 2007 - English


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10 GiB (less than 15%) free.


-- HijackThis (run as euser.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2003-07-21 09:27:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesM-AudioFast Track ProMAUSBInst.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32IoctlSvc.exe
C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesUniblueRegistryBooster 2RegistryBooster.exe
C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe
C:Program FilesUniblueSpyEraserSpyEraser.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSexplorer.exe
C:Documents and SettingseuserDesktopdss.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.google.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.comcast.net/comcast.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:WINDOWSsystem32fccdcAQI.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:Program FilesComcastToolbarcomcasttoolbar.dll
O2 - BHO: {9d877bd9-54bb-6d6a-f6f4-a139206502c5} - {5c205602-931a-4f6f-a6d6-bb459db778d9} - C:WINDOWSsystem32whcera.dll
O2 - BHO: (no name) - {67F8D442-A8C3-4C92-A7F9-8D8561386F5F} - C:WINDOWSsystem32hgGaXQHb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier4.1.509.5470swg.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:Program FilesComcastToolbarcomcasttoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [201f581c] rundll32.exe "C:WINDOWSsystem32oqvsasch.dll",b
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Uniblue RegistryBooster 2] C:Program FilesUniblueRegistryBooster 2RegistryBooster.exe /S
O4 - HKCU..Run: [Uniblue SpeedUpMyPC] C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe -s
O4 - HKCU..Run: [Uniblue SpyEraser] "C:Program FilesUniblueSpyEraserSpyEraser.exe" -m
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE12EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL
O20 - Winlogon Notify: fccdcAQI - C:WINDOWSsystem32fccdcAQI.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:Program FilesM-AudioFast Track ProMAUSBInst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:Program FilesNeroNero8Nero
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEsetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:WINDOWSsystem32IoctlSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:Program FilesComcastDesktop Doctorbinsprtsvc.exe


--
End of file - 6599 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:Program FilesStardockObject DesktopIconPackagerThemesPixOfficePix Office.icl,58
.hlp - hlpfile - DefaultIcon - C:WINDOWSSystem32shell32.dll,23
.inf - inffile - DefaultIcon - C:WINDOWSsystem32shell32.dll,69
.ini - inifile - DefaultIcon - C:Program FilesStardockObject DesktopIconPackagerThemesPixOfficePix Office.icl,48
.reg - regfile - shellopencommand - "regedit.exe" "%1"
.txt - txtfile - DefaultIcon - C:Program FilesStardockObject DesktopIconPackagerThemesPixOfficePix Office.icl,60


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:windowssystem32driversbthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:windowssystem32driverssfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:windowssystem32driverssfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:windowssystem32driverssfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:windowssystem32driverssfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 TPkd - c:windowssystem32driverstpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R2 AMON - c:windowssystem32driversamon.sys <Not Verified; Eset; NOD32 Antivirus System>
R3 BlueletAudio (Bluetooth Audio Service) - c:windowssystem32driversblueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:windowssystem32driversbtnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:windowssystem32driversvbtenum.sys
R3 CLEDX (Team H2O CLEDX service) - c:windowssystem32driverscledx.sys <Not Verified; Team H2O; CLEDX>
R3 pfc (Padus ASPI Shell) - c:windowssystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 VComm (Virtual Serial port driver) - c:windowssystem32driversvcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:windowssystem32driversvcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:windowssystem32driversbtcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 dtscsi - c:windowssystem32driversdtscsi.sys (file missing)
S3 MAUSB (Service for M-Audio Fast Track Pro Driver (WDM)) - c:windowssystem32driversmausb.sys <Not Verified; Midiman/M-Audio; M-Audio Delta FW WDM Driver>
S3 UKS11LDR (M-Audio USB Keystation Loader) - c:windowssystem32driversuks11ldr.sys <Not Verified; MIDIMAN; Midiman USB Keystation Loader>
S3 USBKT1X1 (M-Audio USB Keystation) - c:windowssystem32driversusbkt1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:program filesivt corporationbluesoleilbtntservice.exe
R2 Bonjour Service - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MAudioUSBService (M-Audio USB Installer) - c:program filesm-audiofast track promausbinst.exe <Not Verified; M-Audio; M-Audio USB Installer service>
R2 Nero BackItUp Scheduler 3 - c:program filesneronero8nero backitupnbservice.exe
R2 PLFlash DeviceIoControl Service - c:windowssystem32ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-16 08:15:22 386 --a------ C:WINDOWSTasksUniblue SpyEraser.job
2008-07-15 12:11:23 270 --a------ C:WINDOWSTasksUniblue SpeedUpMyPC Nag.job
2008-07-15 12:11:17 392 --a------ C:WINDOWSTasksUniblue SpeedUpMyPC.job
2008-07-06 08:53:19 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job


-- Files created between 2003-06-21 and 2003-07-21 -----------------------------

2008-07-16 11:38:17 77824 -----n--- C:WINDOWSsystem32olglxqjr.dll
2008-07-16 11:35:23 102400 --a------ C:WINDOWSsystem32otjkow.dll
2008-07-16 11:35:17 102400 --a------ C:WINDOWSsystem32goyivwwl.dll
2008-07-16 11:32:24 91648 --a------ C:WINDOWSsystem32jviadukr.dll
2008-07-16 07:41:38 0 d-------- C:Documents and SettingseuserApplication DataGoogle
2008-07-16 07:40:26 0 d-------- C:Program FilesGoogle
2008-07-16 07:40:26 0 d-------- C:Documents and SettingsAll UsersApplication DataGoogle
2008-07-15 13:26:16 0 dr-h----- C:Documents and SettingseuserRecent
2008-07-15 12:14:04 0 d-------- C:Documents and SettingsAll UsersApplication DataUniblue
2008-07-15 12:05:39 0 d-------- C:Documents and SettingseuserApplication DataUniblue
2008-07-15 12:05:19 0 d-------- C:Program FilesUniblue
2008-07-15 11:31:24 103936 --a------ C:WINDOWSsystem32wsjzqh.dll
2008-07-15 11:31:22 103936 --a------ C:WINDOWSsystem32ywakvyqe.dll
2008-07-15 11:31:06 92160 --a------ C:WINDOWSsystem32shimgtee.dll
2008-07-06 09:46:41 0 d-------- C:Program FilesiPod
2008-07-06 09:46:27 0 d-------- C:Program FilesiTunes
2008-07-06 09:42:46 0 d-------- C:Program FilesBonjour
2008-07-06 09:29:47 0 d-------- C:Program FilesQuickTime
2008-07-06 08:44:03 0 d------c- C:WINDOWSsystem32DRVSTORE
2008-07-06 08:40:01 0 d-------- C:Program FilesCommon FilesApple
2008-07-06 08:39:58 0 d-------- C:Documents and SettingsAll UsersApplication DataApple
2008-07-03 19:44:33 0 d-------- C:Documents and SettingseuserApplication DatamIRC
2008-06-22 09:24:08 0 d-------- C:Documents and SettingsAll UsersApplication DataSupportSoft
2008-06-22 09:22:17 0 d-------- C:Program FilesComcast
2008-06-22 09:21:21 0 d-------- C:Program FilesCommon FilesScanner
2008-06-22 09:21:20 0 d-------- C:Program FilesComcastToolbar
2008-06-22 09:21:16 0 d-------- C:Documents and SettingseuserApplication DataComcastToolbar
2008-06-22 09:20:34 0 d-------- C:Documents and SettingseuserApplication DataMSNInstaller
2008-06-21 15:15:23 0 d-------- C:Program FilesCommon FilesSupportSoft
2008-06-21 15:15:23 0 d-------- C:Program FilesComcastUI
2008-06-02 01:50:46 0 d-------- C:Program FilesNeroInstall.bak
2008-06-02 01:49:21 0 d-------- C:Documents and SettingseuserApplication DataNero
2008-06-02 01:43:02 0 d-------- C:Documents and SettingsAll UsersApplication DataNero
2008-06-02 01:43:01 0 d-------- C:Program FilesCommon FilesNero
2008-06-02 01:29:40 877666 --ahs---- C:WINDOWSsystem32bHQXaGgh.ini2
2008-06-02 01:29:31 373248 --a------ C:WINDOWSsystem32hgGaXQHb.dll
2008-06-02 01:23:57 57344 --a------ C:WINDOWSsystem32fccdcAQI.dll
2008-06-01 23:16:48 0 d-------- C:Documents and SettingseuserApplication DataMacromedia
2008-05-21 22:23:32 0 d-------- C:Program FilesMagicISO
2007-07-26 19:51:40 0 d-------- C:Program FilesPSPaudioware.com
2007-07-26 19:51:32 8278016 --a------ C:WINDOWSsystem32PSP Neon HR.dll
2007-07-26 19:51:31 8151040 --a------ C:WINDOWSsystem32PSP Neon.dll
2007-07-26 19:51:11 0 d-------- C:Program FilesPSP 84
2007-07-26 19:50:31 905290 --a------ C:WINDOWSsystem32libmmd.dll
2007-07-26 19:50:31 0 d-------- C:Program FilesPSP VintageWarmer
2007-07-24 15:17:08 81920 --a------ C:WINDOWSsystem32dns-sd.exe <Not Verified; Apple Inc.; Bonjour>
2007-07-24 15:17:08 61440 --a------ C:WINDOWSsystem32dnssd.dll <Not Verified; Apple Inc.; Bonjour>
2007-07-20 22:25:05 36604 --a------ C:WINDOWSsystem32SpoonUninstall-dBpowerAMP Music Converter.dat
2007-07-20 22:25:05 131072 --a------ C:WINDOWSsystem32SpoonUninstall.exe
2007-07-20 22:25:00 0 d-------- C:Program FilesIllustrate
2007-07-20 11:39:08 0 d-------- C:Documents and SettingsAll UsersApplication DataInstallShield
2007-07-16 18:20:15 2382710 --a------ C:WINDOWSsystem32madiousb.dll <Not Verified; Digidesign; Digidesign FW Support Library>
2007-07-16 18:20:15 102528 --a------ C:WINDOWSsystem32driversmausb.sys <Not Verified; Midiman/M-Audio; M-Audio Delta FW WDM Driver>
2007-07-16 18:20:11 91136 --a------ C:WINDOWSsystem32M-AudioTaskBarIcon.exe <Not Verified; M-Audio, an Avid Technology, Inc. company; >
2007-07-16 18:20:10 18944 --a------ C:WINDOWSsystem32mausbasio.dll <Not Verified; Midiman/M-Audio; M-Audio FW ASIO Support Library>
2007-07-07 09:55:13 0 d-------- C:Program FilesM-Audio
2007-03-19 13:57:46 98304 --a------ C:WINDOWSsystem32CddbLangNL.dll <Not Verified; Gracenote; Gracenote CddbLangNL>
2007-03-19 13:57:46 102400 --a------ C:WINDOWSsystem32CddbLangIT.dll <Not Verified; Gracenote; Gracenote CddbLangIT>
2007-03-19 13:57:46 98304 --a------ C:WINDOWSsystem32CddbLangFR.dll <Not Verified; Gracenote; Gracenote CddbLangFR>
2007-03-19 13:57:46 98304 --a------ C:WINDOWSsystem32CddbLangES.dll <Not Verified; Gracenote; Gracenote CddbLangES>
2007-03-19 13:57:46 98304 --a------ C:WINDOWSsystem32CddbLangDE.dll <Not Verified; Gracenote; Gracenote CddbLangDE>
2007-03-19 13:57:44 765952 --a------ C:WINDOWSsystem32CDDBUI.dll <Not Verified; Gracenote; CDDBUIControl Module>
2007-03-19 13:57:44 77824 --a------ C:WINDOWSsystem32CddbLangJA.dll <Not Verified; Gracenote; Gracenote CddbLangJA>
2007-03-19 13:57:44 655360 --a------ C:WINDOWSsystem32CDDBControl.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2007-01-21 01:54:43 0 d-------- C:Program FilesActivision
2007-01-21 01:54:14 299008 --a------ C:WINDOWSuninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-01-21 01:54:12 0 d-------- C:Documents and SettingseuserWINDOWS
2007-01-21 01:30:57 118832 --a------ C:WINDOWSsystem32SHW32.DLL <Not Verified; MicroQuill Software Publishing, Inc.; SmartHeap>
2006-12-19 09:30:26 81920 --a------ C:WINDOWSsystem32IoctlSvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
2006-08-06 01:10:34 0 d-------- C:Program FilesMSBuild
2006-08-06 01:09:51 0 d-------- C:Program FilesMicrosoft Works
2006-08-06 01:09:45 0 d-------- C:Program FilesMicrosoft.NET
2006-08-06 01:08:41 0 d-------- C:WINDOWSSHELLNEW
2006-08-06 01:08:40 0 d-------- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2006-08-06 01:07:56 0 dr-h----- C:MSOCache
2006-08-05 23:21:35 0 d-------- C:Documents and SettingseuserApplication DataMy Games
2006-08-05 22:09:10 646392 --a------ C:WINDOWSsystem32driverssptd.sys
2006-08-05 09:29:00 0 d-------- C:Documents and SettingseuserApplication DataSony
2006-08-05 09:24:27 0 d-------- C:Program FilesVstPlugins
2006-08-05 09:23:36 0 d-------- C:Program FilesImage-Line
2006-08-05 09:22:43 0 d-------- C:Unzipped
2006-08-03 16:55:24 0 d-------- C:Documents and SettingsAll UsersApplication DatanView_Profiles
2006-05-26 08:19:28 1841152 --a------ C:WINDOWSsystem32kconvert.dll <Not Verified; Native Instruments Software Synthesis GmbH; Kontakt Convertor>
2006-05-19 07:54:58 393216 --a------ C:WINDOWSsystem32NI_IRC_1_1.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2006-05-19 07:54:58 61440 --a------ C:WINDOWSsystem32NI_DFD_1_4.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH DFD (Direct From Disc) extension>
2006-03-17 14:49:46 368640 --a------ C:WINDOWSsystem32TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2006-03-17 11:45:54 802816 --a------ C:WINDOWSsystem32imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2006-03-17 11:45:54 258048 --a------ C:WINDOWSsystem32imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2006-03-17 11:45:52 1757184 --a------ C:WINDOWSsystem32imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2006-02-08 11:02:48 233472 --a------ C:WINDOWSsystem32ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2005-12-09 15:31:18 0 d-------- C:tempf
2005-12-09 15:18:06 0 d-------- C:Documents and SettingseuserApplication DataSnapfish
2005-12-09 15:18:04 0 d-------- C:Documents and SettingseuserApplication DataCyberLink
2005-12-09 15:03:51 421888 --a----c- C:WINDOWSNero PhotoShow.scr
2005-12-09 15:03:51 0 d-------- C:Documents and SettingseuserApplication DataSimple Star
2005-12-09 15:03:51 0 d-------- C:Demo Album
2005-12-09 15:03:35 0 d-------- C:Program FilesNero
2005-12-09 15:03:35 0 d-------- C:Documents and SettingseuserApplication DataAhead
2005-12-09 15:00:36 0 d-------- C:Documents and SettingsAll UsersApplication DataAhead
2005-12-09 15:00:31 0 d-------- C:Program FilesCommon FilesAhead
2005-12-09 15:00:27 0 d-------- C:Program FilesAhead
2005-12-09 12:49:54 0 d-------- C:Documents and SettingsAll UsersApplication DataCyberLink
2005-12-09 12:49:46 0 d-------- C:Program FilesCyberLink
2005-12-09 12:18:01 0 d-------- C:Documents and SettingseuserApplication DataIdentities
2005-12-09 12:17:43 0 d-------- C:Program FilesCommon FilesAdobe
2005-12-09 12:17:39 0 d-------- C:Documents and SettingsAll UsersApplication DataAdobe
2005-12-09 11:46:32 53248 --a----c- C:WINDOWSsystem32wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2005-12-09 11:46:32 1285632 --a----c- C:WINDOWSsystem32SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2005-12-09 11:46:32 49152 --a----c- C:WINDOWSsystem32DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2005-12-09 11:46:32 45056 --a----c- C:WINDOWSsystem32CleanUp.exe <Not Verified; adi; adi CleanUp>
2005-12-09 11:46:32 0 d-------- C:Program FilesAnalog Devices
2005-12-09 11:45:46 15872 --a------ C:WINDOWSsystem32spupdsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-12-09 11:44:50 0 d-------- C:Program FilesAMD
2005-12-09 11:44:49 0 d--h----- C:Program FilesInstallShield Installation Information
2005-12-09 11:44:03 0 d-------- C:WINDOWSsystem32ReinstallBackups
2005-12-09 11:43:58 0 d-------- C:Program FilesCommon FilesInstallShield
2005-12-09 11:43:55 0 d--h----- C:Documents and SettingseuserTemplates
2005-12-09 11:43:55 0 dr------- C:Documents and SettingseuserStart Menu
2005-12-09 11:43:55 0 dr-h----- C:Documents and SettingseuserSendTo
2005-12-09 11:43:55 0 d--h----- C:Documents and SettingseuserPrintHood
2005-12-09 11:43:55 0 d--h----- C:Documents and SettingseuserNetHood
2005-12-09 11:43:55 0 dr------- C:Documents and SettingseuserMy Documents
2005-12-09 11:43:55 0 d--h----- C:Documents and SettingseuserLocal Settings
2005-12-09 11:43:55 0 d---s---- C:Documents and SettingseuserFavorites
2005-12-09 11:43:55 0 d-------- C:Documents and SettingseuserDesktop
2005-12-09 11:43:55 0 d---s---- C:Documents and SettingseuserCookies
2005-12-09 11:43:55 0 d--h----- C:Documents and SettingseuserApplication Data
2005-12-09 11:35:01 0 d-------- C:WINDOWSSoftwareDistribution
2005-12-09 11:34:59 0 d-------- C:WINDOWSPrefetch
2005-12-09 11:34:58 0 d---s---- C:WINDOWSsystem32Microsoft
2005-12-09 11:34:58 0 d--h----- C:Documents and SettingsLocalServiceLocal Settings
2005-12-09 11:34:58 0 d---s---- C:Documents and SettingsLocalServiceCookies
2005-12-09 11:34:58 0 d-------- C:Documents and SettingsLocalServiceApplication Data
2005-12-09 11:34:58 0 d---s---- C:Documents and SettingsLocalServiceApplication DataMicrosoft
2005-12-09 11:34:57 237568 --a------ C:Documents and SettingsLocalServiceNTUSER.DAT
2005-12-09 11:34:50 237568 --a------ C:Documents and SettingsNetworkServiceNTUSER.DAT
2005-12-09 11:34:50 0 d--h----- C:Documents and SettingsNetworkServiceLocal Settings
2005-12-09 11:34:50 0 d---s---- C:Documents and SettingsNetworkServiceCookies
2005-12-09 11:34:50 0 d-------- C:Documents and SettingsNetworkServiceApplication Data
2005-12-09 11:34:50 0 d---s---- C:Documents and SettingsNetworkServiceApplication DataMicrosoft
2005-12-09 11:31:52 0 d-------- C:WINDOWSsystem32xircom
2005-12-09 11:31:52 0 d-------- C:Program Filesmicrosoft frontpage
2005-12-09 11:31:50 237568 ---h----- C:Documents and SettingsDefault UserNTUSER.DAT
2005-12-09 11:31:38 0 -rahs---- C:MSDOS.SYS
2005-12-09 11:31:38 0 -rahs---- C:IO.SYS
2005-12-09 11:31:38 0 --a------ C:CONFIG.SYS
2005-12-09 11:31:38 0 --a------ C:AUTOEXEC.BAT
2005-12-09 11:30:41 0 d--hs---- C:Documents and SettingsAll UsersDRM
2005-12-09 11:30:31 0 dr------- C:WINDOWSOffline Web Pages
2005-12-09 11:30:31 0 d---s---- C:WINDOWSDownloaded Program Files
2005-12-09 11:30:21 0 d--h----- C:Program FilesWindowsUpdate
2005-12-09 11:30:02 0 d-------- C:WINDOWSsystem32DirectX
2005-12-09 11:29:32 0 d---s---- C:WINDOWSTasks
2005-12-09 11:29:31 0 d-------- C:Program FilesCommon FilesMSSoap
2005-12-09 11:29:28 0 d-------- C:WINDOWSsrchasst
2005-12-09 11:29:27 0 d-------- C:WINDOWSsystem32Macromed
2005-12-09 11:29:21 0 d-------- C:Program FilesMovie Maker
2005-12-09 11:29:14 0 d-------- C:WINDOWSsystem32Restore
2005-12-09 11:28:54 21640 --a----c- C:WINDOWSsystem32emptyregdb.dat
2005-12-09 11:28:39 0 d-------- C:WINDOWSRegistration
2005-12-09 11:28:14 0 d-------- C:Program FilesOnline Services
2005-12-09 11:28:09 0 d-------- C:Program FilesMessenger
2005-12-09 11:28:06 0 d-------- C:Program FilesMSN Gaming Zone
2005-12-09 11:27:32 0 d-------- C:Program FilesWindows NT
2005-12-09 11:27:29 0 d-------- C:WINDOWSsystem32MsDtc
2005-12-09 11:27:27 0 d-------- C:WINDOWSsystem32Com
2005-12-09 03:25:14 0 d-------- C:WINDOWSnview
2005-12-09 02:53:39 0 d--hs---- C:WINDOWSInstaller
2005-12-09 02:53:38 0 d-------- C:Program FilesCommon FilesODBC
2005-12-09 02:53:35 0 d-------- C:Program Files
2005-12-09 02:53:35 0 d-------- C:Program FilesCommon Files
2005-12-09 02:53:35 0 d-------- C:Program FilesCommon FilesSpeechEngines
2005-12-09 02:53:09 0 d--h----- C:Documents and SettingsDefault UserTemplates
2005-12-09 02:53:09 0 dr------- C:Documents and SettingsDefault UserStart Menu
2005-12-09 02:53:09 0 dr-h----- C:Documents and SettingsDefault UserSendTo
2005-12-09 02:53:09 0 d--h----- C:Documents and SettingsDefault UserRecent
2005-12-09 02:53:09 0 d--h----- C:Documents and SettingsDefault UserPrintHood
2005-12-09 02:53:09 0 d--h----- C:Documents and SettingsDefault UserNetHood
2005-12-09 02:53:09 0 d-------- C:Documents and SettingsDefault UserMy Documents
2005-12-09 02:53:09 0 dr-h----- C:Documents and SettingsDefault UserLocal Settings
2005-12-09 02:53:09 0 d-------- C:Documents and SettingsDefault UserFavorites
2005-12-09 02:53:09 0 d-------- C:Documents and SettingsDefault UserDesktop
2005-12-09 02:53:09 0 d---s---- C:Documents and SettingsDefault UserCookies
2005-12-09 02:53:09 0 d--h----- C:Documents and SettingsAll UsersTemplates
2005-12-09 02:53:09 0 d-------- C:Documents and SettingsAll UsersStart Menu
2005-12-09 02:53:09 0 d-------- C:Documents and SettingsAll UsersFavorites
2005-12-09 02:53:09 0 dr------- C:Documents and SettingsAll UsersDocuments
2005-12-09 02:53:09 0 d-------- C:Documents and SettingsAll UsersDesktop
2005-12-09 02:52:05 0 d-------- C:WINDOWSsystem32CatRoot2
2005-12-09 02:52:05 0 d-------- C:WINDOWSsystem32CatRoot
2005-12-09 02:51:59 0 dr-h----- C:Documents and SettingsDefault UserApplication Data
2005-12-09 02:51:59 0 d---s---- C:Documents and SettingsDefault UserApplication DataMicrosoft
2005-12-09 02:51:59 0 dr-h----- C:Documents and SettingsAll UsersApplication Data
2005-12-09 02:51:59 0 d---s---- C:Documents and SettingsAll UsersApplication DataMicrosoft
2005-12-09 02:51:36 0 d-------- C:Documents and Settings
2005-12-09 02:51:35 0 d--hs---- C:System Volume Information
2005-12-09 02:44:23 0 d-------- C:WINDOWS
2005-12-09 02:44:23 0 d-------- C:WINDOWSWinSxS
2005-12-09 02:44:23 0 dr------- C:WINDOWSWeb
2005-12-09 02:44:23 0 d-------- C:WINDOWStwain_32
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32wins
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32wbem
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32usmt
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32spool
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32ShellExt
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32Setup
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32ras
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32oobe
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32npp
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32mui
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32inetsrv
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32IME
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32icsxml
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32ias
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32export
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32drivers
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32driversetc
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32driversdisdn
2005-12-09 02:44:23 0 dr-hs--c- C:WINDOWSsystem32dllcache
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32dhcp
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem32config
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem323com_dmi
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem323076
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem322052
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321054
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321042
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321041
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321037
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321033
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321031
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321028
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem321025
2005-12-09 02:44:23 0 d-------- C:WINDOWSsystem
2005-12-09 02:44:23 0 d-------- C:WINDOWSsecurity
2005-12-09 02:44:23 0 d-------- C:WINDOWSResources
2005-12-09 02:44:23 0 d-------- C:WINDOWSrepair
2005-12-09 02:44:23 0 d-------- C:WINDOWSProvisioning
2005-12-09 02:44:23 0 d-------- C:WINDOWSPeerNet
2005-12-09 02:44:23 0 d-------- C:WINDOWSpchealth
2005-12-09 02:44:23 0 d-------- C:WINDOWSmui
2005-12-09 02:44:23 0 d-------- C:WINDOWSmsapps
2005-12-09 02:44:23 0 d-------- C:WINDOWSmsagent
2005-12-09 02:44:23 0 d-------- C:WINDOWSMedia
2005-12-09 02:44:23 0 d-------- C:WINDOWSjava
2005-12-09 02:44:23 0 d--h----- C:WINDOWSinf
2005-12-09 02:44:23 0 d-------- C:WINDOWSime
2005-12-09 02:44:23 0 d-------- C:WINDOWSHelp
2005-12-09 02:44:23 0 dr--s---- C:WINDOWSFonts
2005-12-09 02:44:23 0 d-------- C:WINDOWSDriver Cache
2005-12-09 02:44:23 0 d-------- C:WINDOWSDebug
2005-12-09 02:44:23 0 d-------- C:WINDOWSCursors
2005-12-09 02:44:23 0 d-------- C:WINDOWSConnection Wizard
2005-12-09 02:44:23 0 d-------- C:WINDOWSConfig
2005-12-09 02:44:23 0 d-------- C:WINDOWSAppPatch
2005-12-09 02:44:23 0 d-------- C:WINDOWSaddins
2005-11-02 16:47:26 10368 -ra------ C:WINDOWSsystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2005-10-10 22:49:00 1519616 --a------ C:WINDOWSsystem32nwiz.exe
2005-10-10 22:49:00 1019904 --a----c- C:WINDOWSsystem32nvwimg.dll
2005-10-10 22:49:00 1662976 --a----c- C:WINDOWSsystem32nvwdmcpl.dll
2005-10-10 22:49:00 466944 --a------ C:WINDOWSsystem32nvshell.dll
2005-10-10 22:49:00 1466368 --a------ C:WINDOWSsystem32nview.dll
2005-10-10 22:49:00 1339392 --a----c- C:WINDOWSsystem32nvdspsch.exe
2005-10-10 22:49:00 442368 --a----c- C:WINDOWSsystem32nvappbar.exe
2005-10-10 22:49:00 425984 --a----c- C:WINDOWSsystem32keystone.exe
2005-09-29 10:01:51 66048 --a------ C:WINDOWSsystem32driverssfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
2005-09-23 08:28:56 32768 --a------ C:WINDOWSsystem32netfxperf.dll <Not Verified; Microsoft Corporation; Microsoft ® .NET Framework>
2005-09-23 08:28:52 74240 --a------ C:WINDOWSsystem32mscories.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:28:52 150016 --a------ C:WINDOWSsystem32mscorier.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:28:52 270848 --a------ C:WINDOWSsystem32mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:28:38 83456 --a------ C:WINDOWSsystem32dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-08-10 07:06:28 19968 --a------ C:WINDOWSsystem32driverssfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
2005-08-10 05:44:04 50688 --a------ C:WINDOWSsystem32driverssfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
2005-05-16 06:20:39 6656 --a------ C:WINDOWSsystem32driverssfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
2005-03-20 22:07:18 0 d-------- C:Documents and SettingseuserApplication DataApple Computer
2005-03-20 22:06:02 0 d-------- C:Program FilesApple Software Update
2005-03-20 22:04:45 0 d-------- C:Documents and SettingsAll UsersApplication DataApple Computer
2005-01-13 00:51:01 0 dr-h----- C:Documents and SettingseuserApplication DataSecuROM
2005-01-13 00:51:00 98304 --a------ C:WINDOWSsystem32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2004-12-27 03:09:51 393216 --a------ C:WINDOWSsystem32NI_IRC_1_2.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2004-12-27 03:09:09 61440 --a------ C:WINDOWSsystem32NI_DFD_1_5.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH DFD (Direct From Disc) extension>
2004-12-27 03:09:09 1870336 --a------ C:WINDOWSsystem32bconvert.dll <Not Verified; Native Instruments Software Synthesis GmbH; Battery Convertor>
2004-12-27 02:56:00 724992 --a------ C:WINDOWSiun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2004-12-27 02:55:54 0 d-------- C:Program FilesM-Audio USB Keyboard Device
2004-12-27 02:55:47 82944 --a------ C:WINDOWSsystem32usbkt1x1.dll <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface>
2004-12-27 02:55:47 22304 --a------ C:WINDOWSsystem32driversusbkt1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface>
2004-12-27 02:55:47 13504 --a------ C:WINDOWSsystem32driversuks11ldr.sys <Not Verified; MIDIMAN; Midiman USB Keystation Loader>
2004-12-21 23:54:35 0 d-------- C:NeverEnding
2004-12-17 02:50:34 0 d-------- C:Program FilesAutoCAD 2007
2004-12-17 02:50:34 0 d-------- C:Documents and SettingseuserApplication DataAutodesk
2004-12-17 02:50:34 0 d-------- C:Documents and SettingsAll UsersApplication DataAutodesk
2004-12-17 02:49:14 0 d-------- C:Program FilesCommon FilesAutodesk Shared
2004-12-17 02:49:09 0 d-------- C:Program FilesAutodesk
2004-12-11 00:23:25 0 d-------- C:Movies
2004-12-05 01:08:41 233472 --a------ C:WINDOWSsystem32REX Shared Library.dll <Not Verified; Propellerhead Software AB; n/a>
2004-11-29 23:15:48 0 d-------- C:MOHAA
2004-11-29 15:01:14 187392 --a------ C:WINDOWSsystem32JPGUtils.dll
2004-11-29 15:01:13 0 d-------- C:Program FilesWinCustomize
2004-11-29 14:59:59 0 d-------- C:Program FilesCursorXP
2004-11-29 14:55:01 0 d-------- C:Program FilesCommon FilesStardock
2004-11-29 14:55:00 0 d-------- C:Program FilesStardock
2004-11-26 14:57:02 0 d-------- C:Documents and SettingsAll UsersApplication DataBluetooth
2004-11-26 14:53:03 63488 -ra------ C:WINDOWSsystem32driverswssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2004-11-26 14:53:03 48556 -ra------ C:WINDOWSsystem32driversSktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2004-11-26 14:53:03 77824 -ra------ C:WINDOWSsystem32driversSioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2004-11-26 14:53:03 48076 -ra------ C:WINDOWSsystem32driversSio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2004-11-26 14:53:03 40960 -ra------ C:WINDOWSsystem32driversSCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2004-11-26 14:53:02 51169 -ra------ C:WINDOWSsystem32driversOXSER.SYS <Not Verified; OEM; OX16C95x>
2004-11-26 14:52:53 12504 --a------ C:WINDOWSsystem32driversVHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2004-11-26 14:52:53 82148 --a------ C:WINDOWSsystem32driversVcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2004-11-26 14:52:53 61312 --a------ C:WINDOWSsystem32driversVComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2004-11-26 14:52:53 11604 --a------ C:WINDOWSsystem32driversvbtenum.sys
2004-11-26 14:52:53 116021 --a------ C:WINDOWSsystem32driversfw203x.sys <Not Verified; Broadcom; >
2004-11-26 14:52:53 13304 --a------ C:WINDOWSsystem32driversBTNetFilter.sys
2004-11-26 14:52:53 10804 --a------ C:WINDOWSsystem32driversBtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2004-11-26 14:52:53 28207 --a------ C:WINDOWSsystem32driversBTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2004-11-26 14:52:53 20096 --a------ C:WINDOWSsystem32driversblueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2004-11-26 14:52:52 22488 --a------ C:WINDOWSsystem32driversbtcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2004-11-26 14:52:52 7680 --a------ C:WINDOWSsystem32btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2004-11-26 14:52:52 0 d-------- C:Program FilesIVT Corporation
2004-11-26 03:01:07 98304 --a------ C:WINDOWSsystem32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2004-11-22 12:57:38 664 --a------ C:WINDOWSsystem32d3d9caps.dat
2004-11-09 01:33:03 0 d-------- C:Documents and SettingseuserApplication DataOpera
2004-10-30 19:04:09 0 d-------- C:Documents and SettingsAll UsersApplication DataAdobe Systems
2004-10-30 19:04:04 0 d-------- C:Program FilesCommon FilesAdobe Systems Shared
2004-10-25 01:57:39 889 --a------ C:WINDOWSeReg.dat
2004-10-23 15:02:42 0 d-------- C:Documents and SettingseuserApplication DataAtari
2004-10-23 14:44:31 0 d-------- C:Documents and SettingseuserApplication DataLeadertech
2004-10-19 02:05:08 442368 -ra------ C:WINDOWSsystem32vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2004-10-19 01:32:06 0 d-------- C:Program FilesWarcraft III
2004-10-18 02:32:49 0 d-------- C:Program FilesUbisoft
2004-10-15 00:44:21 0 d-------- C:Documents and SettingseuserApplication DataHelp
2004-10-10 00:43:21 0 d-------- C:Program FilesTHQ
2004-09-05 18:30:32 0 d-------- C:Ringtones
2004-08-28 23:05:41 0 d-------- C:Documents and SettingseuserApplication DataAdobeUM
2004-08-28 23:02:58 0 d-------- C:Documents and SettingseuserApplication DataAdobe
2004-08-26 15:49:26 274432 --a------ C:WINDOWSsystem32imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2004-08-26 15:49:26 502368 --a------ C:WINDOWSsystem32driversamon.sys <Not Verified; Eset; NOD32 Antivirus System>
2004-08-11 01:45:04 38912 --a------ C:WINDOWSsystem32wdfmgr(2).exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 05:00:00 229376 --a------ C:WINDOWSsystem32wmasf(2).dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2004-08-04 05:00:00 163644 --a----c- C:WINDOWSsystem32driverssecdrv.sys <Not Verified; Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.; Macrovision SECURITY Driver>
2004-07-14 17:19:43 102400 --a------ C:WINDOWSsystem32vabgzt.dll
2004-07-14 17:19:41 102400 --a------ C:WINDOWSsystem32knulamxn.dll
2004-07-14 17:19:16 91136 --a------ C:WINDOWSsystem32djbgjgyn.dll
2004-07-13 17:19:51 103424 --a------ C:WINDOWSsystem32hpxpds.dll
2004-07-13 17:19:50 103424 --a------ C:WINDOWSsystem32qrfetviq.dll
2004-07-13 17:18:55 78848 -----n--- C:WINDOWSsystem32cialipwx.dll
2004-07-13 17:18:43 91648 --a------ C:WINDOWSsystem32xtwlbfaw.dll
2004-06-10 16:35:15 0 d-------- C:Program FilesDX Utilities
2004-06-10 16:35:14 0 d-------- C:Program FilesWaveshells
2004-06-10 16:35:11 0 d-------- C:Program FilesPlug-Ins
2004-06-10 16:35:10 0 d-------- C:Program FilesAiR LOGS
2003-08-21 21:51:24 0 d-------- C:DEFAULT
2003-08-21 21:15:36 0 d-------- C:WINDOWSsystem32NtmsData
2003-08-21 20:21:31 0 d-------- C:Documents and SettingseuserApplication DataCakewalk
2003-08-20 17:55:14 274432 --a------ C:WINDOWSsystem32imon(2).dll <Not Verified; Eset; NOD32 Antivirus System>
2003-08-20 17:53:07 1020 --a------ C:WINDOWSsystem32RunDLL32
2003-08-20 17:48:35 0 d-------- C:WINDOWSsystem32driversumdf
2003-08-19 10:48:12 5505024 --a------ C:Documents and Settingseuserntuser.dat
2003-08-15 19:26:15 0 d-------- C:Documents and SettingsAll UsersApplication DataPropellerhead Software
2003-08-15 19:26:14 0 d-------- C:Documents and SettingseuserApplication DataPropellerhead Software
2003-08-15 19:24:07 0 d-------- C:Program FilesPropellerhead
2003-08-15 18:42:42 0 d-------- C:Program FilesTGTSoft
2003-08-12 19:30:36 0 d-------- C:Program FilesRegistry Toolkit
2003-08-12 19:23:35 0 d-------- C:Program FilesCommon FilesPACE Anti-Piracy
2003-08-12 19:23:35 0 d-------- C:Documents and SettingseuserApplication DataWaves Audio
2003-08-12 19:23:35 0 d-------- C:Documents and SettingseuserApplication DataPACE Anti-Piracy
2003-08-12 19:23:35 0 d-------- C:Documents and SettingsAll UsersApplication DataPACE Anti-Piracy
2003-08-12 19:23:29 0 d-------- C:Program FilesWaves
2003-08-12 19:21:28 785 -----n--- C:WINDOWSTpkdboot.reg
2003-08-12 19:21:28 634880 --a------ C:WINDOWSsystem32ilinet.dll <Not Verified; PACE Anti-Piracy; InterLok>
2003-08-12 19:21:28 72032 --a------ C:WINDOWSsystem32driversTPkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
2003-08-12 19:21:28 27328 --a------ C:WINDOWSsystem32driversiLokDrvr.sys <Not Verified; PACE Anti-Piracy, Inc.; iLok®>
2003-08-08 19:07:44 0 d-------- C:Documents and SettingseuserApplication DataNetMedia Providers
2003-08-08 18:38:02 0 d-------- C:Program FilesAixcoustic
2003-08-08 18:25:10 0 d-------- C:Music
2003-08-08 17:09:10 0 d-------- C:Documents and SettingseuserApplication DataPublish Providers
2003-08-08 17:07:34 0 d-------- C:Program FilesSony Setup
2003-08-07 21:26:44 0 d-------- C:Program FilesSony
2003-08-06 22:13:01 0 d-------- C:Program FilesCommon FilesDigidesign
2003-08-06 22:09:25 0 d-------- C:Program FilesToontrack
2003-08-06 22:02:44 0 d-------- C:Program FilesSynful
2003-08-06 22:02:44 0 d-------- C:Documents and SettingsAll UsersApplication DataSynful
2003-08-06 22:00:56 0 d-------- C:Projects
2003-08-06 21:59:30 32 --a------ C:WINDOWSsystem32msvcsv60.dll
2003-08-06 21:59:30 32 --a------ C:WINDOWSmsocreg32.dat
2003-08-06 21:59:28 0 d-------- C:Program FilesIK Multimedia
2003-08-06 21:57:06 69632 --a------ C:WINDOWSsystem32NI_DFD_1_2_9.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH DFD (Direct From Disc) extension>
2003-08-06 21:57:04 0 d-------- C:Program FilesDigidesign
2003-08-06 21:51:50 0 d-------- C:Program FilesMakingWaves
2003-08-06 21:50:28 0 d-------- C:Program FilesCommon FilesiZotope
2003-08-06 21:47:26 0 d-------- C:temp
2003-08-06 21:45:52 28108 --a------ C:WINDOWSsystem32unrar.dll
2003-08-06 21:36:29 0 d-------- C:Documents and SettingseuserApplication DataSteinberg
2003-08-06 15:39:46 0 d-------- C:WINDOWSRegisteredPackages
2003-08-06 15:39:38 487936 --a------ C:WINDOWSsystem32rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2003-08-06 15:39:38 87040 --a------ C:WINDOWSsystem32ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2003-08-06 15:39:38 21504 --a------ C:WINDOWSsystem32ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2003-08-06 15:39:38 72704 --a------ C:WINDOWSsystem32ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio™ (32-bit) RealVideo Encoder SDK 5.0>
2003-08-06 15:39:38 81920 --a------ C:WINDOWSsystem32ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio™ (32-bit) RealVideo Encoder SDK 5.0>
2003-08-06 15:39:38 352768 --a------ C:WINDOWSsystem32pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2003-08-06 15:39:38 131072 --a------ C:WINDOWSsystem32pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2003-08-06 15:39:38 130560 --a------ C:WINDOWSsystem32pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio™ Encoder (32-bit)>
2003-08-06 15:39:38 85504 --a------ C:WINDOWSsystem32encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2003-08-06 15:39:38 61952 --a------ C:WINDOWSsystem32decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2003-08-06 15:39:16 0 d-------- C:Program FilesSteinberg
2003-08-06 15:35:47 33792 --a------ C:WINDOWSsystem32driverscledx.sys <Not Verified; Team H2O; CLEDX>
2003-08-06 15:35:43 16896 --a------ C:WINDOWSsystem32driverssynasUSB.sys <Not Verified; Syncrosoft GmbH; USB protection device>
2003-08-06 15:35:42 45056 --a------ C:WINDOWSsystem32Synsopos.exe <Not Verified; Syncrosoft Hard- und Software GmbH; Syncrosoft Synsopos>
2003-08-06 15:35:42 147456 --a------ C:WINDOWSsystem32SynsoLChk.dll <Not Verified; Syncrosoft Hard- und Software GmbH; >
2003-08-06 15:35:42 704512 --a------ C:WINDOWSsystem32SYNSOACC.dll <Not Verified; Syncrosoft Hard- und Software GmbH; SYNCROSOFT SYNSOACC>
2003-08-06 15:35:42 0 d-------- C:Program FilesSyncrosoft
2003-07-20 20:55:52 0 d---s---- C:Documents and SettingseuserUserData
2003-07-20 08:48:27 102912 --a------ C:WINDOWSsystem32whcera.dll
2003-07-20 08:48:25 102912 --a------ C:WINDOWSsystem32bxalelby.dll
2003-07-20 08:45:26 78848 --a------ C:WINDOWSsystem32oqvsasch.dll
2003-07-20 08:42:25 91648 --a------ C:WINDOWSsystem32boodsrhn.dll
2003-07-19 08:42:29 102912 --a------ C:WINDOWSsystem32spsnjn.dll
2003-07-19 08:42:25 102912 --a------ C:WINDOWSsystem32kinmnkvt.dll
2003-07-19 08:39:32 91136 --a------ C:WINDOWSsystem32tqfqunru.dll
2003-07-18 08:42:26 102912 --a------ C:WINDOWSsystem32uelgre.dll
2003-07-18 08:42:25 102912 --a------ C:WINDOWSsystem32gmvtvhtr.dll
2003-07-18 08:39:25 91648 --a------ C:WINDOWSsystem32nomgwnkq.dll
2003-07-17 08:40:09 103424 --a------ C:WINDOWSsystem32mfxpdl.dll
2003-07-17 08:40:04 103424 --a------ C:WINDOWSsystem32rjjwgetm.dll
2003-07-17 08:39:46 78336 --a------ C:WINDOWSsystem32aixaxidl.dll
2003-07-17 08:39:28 92672 --a------ C:WINDOWSsystem32tyhpfkmf.dll


-- Find3M Report ---------------------------------------------------------------

2006-08-13 21:16:32 1470464 --a------ C:Program FilesWavesShell-DAE 5.7.dpm <Not Verified; Waves Audio Ltd.; WavesShellDAE>
2006-08-13 21:16:18 25214 --a------ C:Program FilesWavesIcon.ico
2006-08-13 21:16:18 191 --a------ C:Program FilesWaves Home Page.html
2006-08-13 21:16:18 16319 --a------ C:Program FilesReadme for Waves SSL 4000 Collection 1.2.htm
2006-08-13 21:16:18 12213 --a------ C:Program FilesReadme for Waves SSL 4000 Collection 1.1.htm
2005-12-09 02:53:09 62 --ahs---- C:Documents and SettingseuserApplication Datadesktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{06E12C36-760F-4D92-8509-5E5DBF12C423}]
06/02/2008 01:23 AM 57344 --a------ C:WINDOWSsystem32fccdcAQI.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{5c205602-931a-4f6f-a6d6-bb459db778d9}]
07/20/2003 08:48 AM 102912 --a------ C:WINDOWSsystem32whcera.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{67F8D442-A8C3-4C92-A7F9-8D8561386F5F}]
06/02/2008 01:29 AM 373248 --a------ C:WINDOWSsystem32hgGaXQHb.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"@"="" []
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [10/10/2005 10:49 PM]
"201f581c"="C:WINDOWSsystem32oqvsasch.dll" [07/20/2003 08:45 AM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 05:00 AM]
"Uniblue RegistryBooster 2"="C:Program FilesUniblueRegistryBooster 2RegistryBooster.exe" [12/05/2007 03:51 PM]
"Uniblue SpeedUpMyPC"="C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe" [12/07/2007 09:42 AM]
"Uniblue SpyEraser"="C:Program FilesUniblueSpyEraserSpyEraser.exe" [01/08/2008 09:14 AM]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [07/16/2008 07:41 AM]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{06E12C36-760F-4D92-8509-5E5DBF12C423}"= C:WINDOWSsystem32fccdcAQI.dll [06/02/2008 01:23 AM 57344]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyfccdcAQI]
fccdcAQI.dll 06/02/2008 01:23 AM 57344 C:WINDOWSsystem32fccdcAQI.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32hgGaXQHb

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs BthServ


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{40fca8cf-6898-11da-a8d7-806d6172696f}]




-- End of Deckard's System Scanner: finished at 2003-07-21 09:38:26 ------------

Sorry, I forgot the extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2495.3 MiB / 1729.3 MiB
Pagefile Memory (total/avail): 5338.45 MiB / 4713.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.88 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 10 GiB free.
D: is CDROM (Unformatted)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
J: is Removable (FAT)

.PHYSICALDRIVE0 - WDC WD1600JB-98GVC0 - 149.05 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

.PHYSICALDRIVE1 - OCZ ET1208AD USB Device - 1953.22 MiB - 1 partition
PARTITION0 (bootable) - MS-DOS V4 Huge - 1959.97 MiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset) Outdated

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesWarcraft IIIWarcraft III.exe"="C:Program FilesWarcraft IIIWarcraft III.exe:*:Enabled:Warcraft III"
"C:Program FilesCodemastersWorms 4 MayhemWORMS 4 MAYHEM.EXE"="C:Program FilesCodemastersWorms 4 MayhemWORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:Program FilesTHQCompany of HeroesBugReportBugReport.exe"="C:Program FilesTHQCompany of HeroesBugReportBugReport.exe:*:Enabled:BugReport"
"C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe"="C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil"
"C:MOHAAMOHAA.exe"="C:MOHAAMOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:Program FilesElectronic ArtsThe Battle for Middle-earth ™ IIgame.dat"="C:Program FilesElectronic ArtsThe Battle for Middle-earth ™ IIgame.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:MOHAAmoh_spearhead.exe"="C:MOHAAmoh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:Documents and SettingseuserMy DocumentsDownloadsmIRC 6.3 + keygenmIRC 6.3 + keygenmIRC - English.exe"="C:Documents and SettingseuserMy DocumentsDownloadsmIRC 6.3 + keygenmIRC 6.3 + keygenmIRC - English.exe:*:Enabled:mIRC"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingseuserApplication Data
CLASSPATH=.;C:Program FilesQuickTimeQTSystemQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=YOUR-B4C8D5417F
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and Settingseuser
LOGONSERVER=YOUR-B4C8D5417F
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:Program FilesInternet Explorer;;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesCommon FilesiZotopeRuntimes;C:Program FilesCommon FilesAdobeAGL;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesQuickTimeQTSystemQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1euserLOCALS~1Temp
TMP=C:DOCUME~1euserLOCALS~1Temp
USERDOMAIN=YOUR-B4C8D5417F
USERNAME=euser
USERPROFILE=C:Documents and Settingseuser
windir=C:WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

euser (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:Program FilesNeroNero8nerouninstallUNNERO.exe /UNINSTALL
--> C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
--> C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
--> C:WINDOWSUNNeroShowTime.exe /UNINSTALL
--> C:WINDOWSUNNeroVision.exe /UNINSTALL
--> C:WINDOWSUNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C151CE54-E7EA-4804-854B-F515368B0798}setup.exe" -l0x9
Autodesk DWF Viewer --> C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove /q0
BlueSoleil --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Comcast Toolbar --> C:Program FilesComcastToolbaruninstall.exe
Comcast Universal Installer v1.2 --> MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}
CursorXP --> C:Program FilesCursorXPCurXPUtil.exe -u
dBpowerAMP Music Converter --> "C:WINDOWSsystem32SpoonUninstall.exe" <uninstall>C:WINDOWSsystem32SpoonUninstall-dBpowerAMP Music Converter.dat
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Fast Track Pro --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> "C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_10FCC68A3F52E15D.exe" /uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111 --> C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
HijackThis 1.99.1 --> C:Program FilesHijackThisHijackThis.exe /uninstall
IconPackager --> C:PROGRA~1StardockOBJECT~1ICONPA~1iconpackager.exe /uninstallwise
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFswflash.inf,DefaultUninstall,5
Microsoft Office Access MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 12 [pre-release] --> MsiExec.exe /X{10120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Enterprise Edition 12 [pre-release] --> "C:Program FilesCommon FilesMicrosoft SharedOffice Setup Controllersetup.exe" /uninstall PRO
Microsoft Office Proof Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Word MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:Program FilesMSNMsnInstallermsninst.exe /Action:ARP
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
Nero PhotoShow Express --> "C:Program FilesNerodataXtrasUninstall.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 antivirus system --> C:Program FilesEsetSetupsetup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:Program FilesEsetunins000.exe"
NVIDIA Drivers --> C:WINDOWSsystem32nvuide.exe UninstallGUI
PowerDVD --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe" -uninstall
PSP 84 v1.0 --> C:PROGRA~1PSP84~1UNWISE.EXE C:PROGRA~1PSP84~1INSTALL.LOG
PSP Audioware Neon HR VST RTAS --> C:PROGRA~1PSPAUD~1.COMPSPNEO~1UNINST~1UNWISE.EXE C:PROGRA~1PSPAUD~1.COMPSPNEO~1UNINST~1INSTALL.LOG
PSP VintageWarmer v1.5d --> C:PROGRA~1PSPVIN~1UNWISE.EXE C:PROGRA~1PSPVIN~1INSTALL.LOG
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
ReCycle 2.1 --> "C:Program FilesPropellerheadReCycleunins000.exe"
Registry Toolkit 1.2.9 --> "C:Program FilesRegistry Toolkitunins000.exe"
Sony Noise Reduction Plug-In 2.0e --> MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Sound Forge 9.0 --> MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}
SoundMAX --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1000Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe" -l0x9 -removeonly
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Steinberg The Grand --> C:PROGRA~1VSTPLU~1THEGRA~1UNINST~1.EXE C:PROGRA~1VSTPLU~1THEGRA~1INSTALL.LOG
Superior Drummer --> MsiExec.exe /I{70A56A8A-6D37-4A9F-B76E-3A6AA9166147}
Superior ReWire Wrapper --> MsiExec.exe /I{3FFB9B62-7BCF-426C-A737-935E2F37762E}
Syncrosoft's License Control --> C:PROGRA~1SYNCRO~1UNWISE.EXE C:PROGRA~1SYNCRO~1INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:Program FilesSyncroSoftPosH2OUninst.exe
Synful Orchestra DXi/VSTi v2.12 --> C:PROGRA~1SynfulSYNFUL~1UNWISE.EXE C:PROGRA~1SynfulSYNFUL~1INSTALL.LOG
Theme Manager --> C:PROGRA~1StardockOBJECT~1THEMEM~1thememgr.exe /uninstallwise
ToxicIII v1.1 --> "C:Program FilesSteinbergVstPluginsToxicIIIunins000.exe"
Uniblue RegistryBooster 2 --> "C:Program FilesUniblueRegistryBooster 2unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:Program FilesUniblueSpeedUpMyPC 3unins000.exe"
Uniblue SpyEraser --> "C:Program FilesUniblueSpyEraserunins000.exe"
USB Keyboard Device 1.0.1.0 --> C:WINDOWSiun6002.exe "C:Program FilesM-Audio USB Keyboard Deviceirunin.ini"
Voxengo Transmodder VST 1.5 --> "C:Program FilesVstPluginsVoxengo Transmodder VSTuninstall.exe"
Warp VST V1.0 --> C:PROGRA~1VSTPLU~1WARPVS~1.0UNWISE.EXE C:PROGRA~1VSTPLU~1WARPVS~1.0INSTALL.LOG
Waves SSL Collection v1.2 --> C:PROGRA~1AIRLOG~1WAVESS~1.2UNWISE.EXE C:PROGRA~1AIRLOG~1WAVESS~1.2INSTALL.LOG
WinRAR archiver --> C:Program FilesWinRARuninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1766 / Error
Event Submitted/Written: 07/21/2003 09:28:12 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1763 / Error
Event Submitted/Written: 07/21/2003 09:28:11 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1760 / Error
Event Submitted/Written: 07/20/2003 09:09:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1750 / Error
Event Submitted/Written: 07/20/2003 09:22:08 AM / 07/20/2003 09:22:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02a2208d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1747 / Warning
Event Submitted/Written: 07/19/2003 00:14:32 PM
Event ID/Source: 6 / crypt32
Event Description:
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16475 / Warning
Event Submitted/Written: 07/21/2003 09:29:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16468 / Warning
Event Submitted/Written: 07/21/2003 05:04:37 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type16446 / Warning
Event Submitted/Written: 07/20/2003 03:24:09 PM / 07/20/2003 03:24:39 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device DeviceCdRom1 during a paging operation.

Event Record #/Type16434 / Warning
Event Submitted/Written: 07/18/2003 09:00:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16426 / Warning
Event Submitted/Written: 07/18/2003 07:03:31 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2003-07-21 09:38:26 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 21 July 2008 - 03:12 PM.




#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:08:58 AM

Posted 23 July 2008 - 04:29 AM

Hello Mike213 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...



