Win32.virut - Mrofinu100186.exe - 17pholmes1001186.exe


This topic is locked
2 replies to this topic

#1 panaramic (Members, 1 posts)

Posted 30 July 2008 - 05:59 PM

Hello, my name is Justin.
Recently, I've been infected with the Virut trojan. I'm fairly sure I understand how it works; it infects nearly every .exe as well as several .dlls, making it impossible to remove (as it infects system files). The thing is, I can't get rid of it. As long as one file is infected, another one can be, then another... It doesn't seem possible to remove. My main concern right now is saving these files. I have, right here, a new hard drive. I can (and plan to) install XP on it, as well as Norton's Endpoint Protection program. Once that's all said and done, I want to plug in my old drive and see if I can retrieve my pictures, music, and games, as well as some extremely important documents. Is this possible to do without infecting my new hard drive? Will I be able to clean it, as long as it's slaved and not being booted from?

In any case, here are my DSS logs.

Deckard's System Scanner v20071014.68
Run by Justin on 2008-07-30 15:46:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-30 22:46:21 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:04, on 7/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Justin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Justin.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216269294453
O17 - HKLM\System\CCS\Services\Tcpip\..\{38A8A4FD-3092-4FEF-9191-FC528A3F6B30}: NameServer = 68.87.76.178,68.87.78.130
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 6122 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S4 vsdatant - a (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TabletServiceWacom - c:\windows\system32\wacom_tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Technology, Corp. Tablet Service>
R2 ZuneBusEnum (Zune Bus Enumerator) - c:\windows\system32\zunebusenum.exe <Not Verified; Microsoft Corporation; Zune®>

S3 CiSvc (Indexing Service) - c:\windows\system32\cisvc.exe (file missing)
S3 UPS (Uninterruptible Power Supply) - c:\windows\system32\ups.exe (file missing)
S3 ZuneWlanCfgSvc (Zune Wireless Configuration Service) - c:\windows\system32\zunewlancfgsvc.exe <Not Verified; Microsoft Corporation; Zune®>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple Inc.; Apple Mobile Device Service>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 ZuneNetworkSvc (Zune Network Sharing Service) - "c:\program files\zune\zunenss.exe" <Not Verified; Microsoft Corporation; Zune®>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 04:55:23 90624 --a------ C:\WINDOWS\17PHolmes1001186.exe
2008-07-30 03:20:11 57856 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-07-16 16:52:15 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-07-16 16:52:15 393216 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-07-16 16:52:13 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-16 16:51:13 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-16 16:51:12 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-16 16:51:11 0 d-------- C:\Program Files\Intel
2008-07-16 16:51:06 0 d-------- C:\Intel
2008-07-16 16:49:33 0 d-------- C:\Documents and Settings\Justin\Application Data\Identities
2008-07-16 16:49:16 0 d--h----- C:\Documents and Settings\Justin\Templates <TEMPLA~1>
2008-07-16 16:49:16 0 dr------- C:\Documents and Settings\Justin\Start Menu <STARTM~1>
2008-07-16 16:49:16 0 dr-h----- C:\Documents and Settings\Justin\SendTo
2008-07-16 16:49:16 0 dr-h----- C:\Documents and Settings\Justin\Recent
2008-07-16 16:49:16 0 d--h----- C:\Documents and Settings\Justin\PrintHood <PRINTH~1>
2008-07-16 16:49:16 5242880 --ah----- C:\Documents and Settings\Justin\NTUSER.DAT
2008-07-16 16:49:16 0 d--h----- C:\Documents and Settings\Justin\NetHood
2008-07-16 16:49:16 0 dr------- C:\Documents and Settings\Justin\My Documents <MYDOCU~1>
2008-07-16 16:49:16 0 d--h----- C:\Documents and Settings\Justin\Local Settings <LOCALS~1>
2008-07-16 16:49:16 0 dr------- C:\Documents and Settings\Justin\Favorites <FAVORI~1>
2008-07-16 16:49:16 0 d-------- C:\Documents and Settings\Justin\Desktop
2008-07-16 16:49:16 0 d---s---- C:\Documents and Settings\Justin\Cookies
2008-07-16 16:49:16 0 d--h----- C:\Documents and Settings\Justin\Application Data <APPLIC~1>
2008-07-16 16:48:42 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-16 16:48:40 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-16 16:48:39 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-16 16:48:39 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-16 16:48:39 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-16 16:48:39 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-16 16:48:39 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-16 16:48:26 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-16 16:48:26 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-16 16:48:26 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-16 16:48:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-16 16:48:26 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-16 16:46:13 0 d-------- C:\WINDOWS\system32\xircom
2008-07-16 16:46:13 0 d-------- C:\Program Files\microsoft frontpage
2008-07-16 16:46:07 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-16 16:45:56 0 -rahs---- C:\MSDOS.SYS
2008-07-16 16:45:56 0 -rahs---- C:\IO.SYS
2008-07-16 16:45:56 0 --a------ C:\CONFIG.SYS
2008-07-16 16:45:56 0 --a------ C:\AUTOEXEC.BAT
2008-07-16 16:45:15 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-16 16:45:09 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-16 16:45:09 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-16 16:45:00 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-16 16:44:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-16 16:44:19 0 d---s---- C:\WINDOWS\Tasks
2008-07-16 16:44:19 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-16 16:44:16 0 d-------- C:\WINDOWS\srchasst
2008-07-16 16:44:15 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-16 16:44:12 176640 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:44:12 53080 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:44:08 0 d-------- C:\Program Files\Movie Maker
2008-07-16 16:44:02 0 d-------- C:\WINDOWS\system32\Restore
2008-07-16 16:44:02 33792 --a------ C:\WINDOWS\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:43:56 55808 --a------ C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:43:35 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-16 16:43:22 0 d-------- C:\WINDOWS\Registration
2008-07-16 16:43:16 0 d-------- C:\Program Files\Online Services
2008-07-16 16:43:11 0 d-------- C:\Program Files\Messenger
2008-07-16 16:43:08 16384 --a------ C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:43:08 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-16 16:43:01 138752 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 119808 --a------ C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 56832 --a------ C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 53248 --a------ C:\WINDOWS\system32\reset.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 126976 --a------ C:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 55296 --a------ C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 80384 --a------ C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:55 114688 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 27648 --a------ C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 27136 --a------ C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 25600 --a------ C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 25600 --a------ C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 25600 --a------ C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 59392 --a------ C:\WINDOWS\system32\rwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 44544 --a------ C:\WINDOWS\system32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 22016 --a------ C:\WINDOWS\system32\qwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 60416 --a------ C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 64512 --a------ C:\WINDOWS\system32\msg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:54 58880 --a------ C:\WINDOWS\system32\logoff.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:53 49664 --a------ C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-07-16 16:42:36 131584 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:36 134144 --a------ C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:36 184320 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:35 538624 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:35 343040 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:35 146432 --a------ C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:35 0 d-------- C:\Program Files\Windows NT
2008-07-16 16:42:34 55296 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:34 176128 --a------ C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:34 57344 --a------ C:\WINDOWS\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:34 73728 --a------ C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:34 677888 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:33 30720 --a------ C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:42:33 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-16 16:42:32 0 d-------- C:\WINDOWS\system32\Com
2008-07-07 00:40:49 56108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Find3M Report ---------------------------------------------------------------

2008-07-30 00:06:01 10752 --a------ C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-30 00:05:34 13312 --a------ C:\WINDOWS\system32\savedump.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:56 679936 --a------ C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:55 14336 --a------ C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:55 708608 -----n--- C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:52 18944 --a------ C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:51 47104 --a------ C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:50 20992 --a------ C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:50 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:49 19968 --a------ C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:46 704512 --a------ C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 22:04:43 9216 --a------ C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:25:27 100864 --a------ C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:43:36 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-07-29 20:43:33 13824 --a------ C:\WINDOWS\system32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:42:17 155648 --a------ C:\WINDOWS\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-07-29 20:42:17 135168 --a------ C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-07-29 20:42:16 180224 --a------ C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-07-29 20:42:15 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:41:32 168448 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:41:22 5632 --a------ C:\WINDOWS\system32\winver.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:41:02 123392 --a------ C:\WINDOWS\system32\runonce.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:36 64000 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:33 499200 --a------ C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:17 50176 --a------ C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:16 215552 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:16 53760 --a------ C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:15 72704 --a------ C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:14 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-07-29 20:40:12 454656 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:40:03 33280 --a------ C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:39:32 22016 --a------ C:\WINDOWS\system32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:39:10 420864 --a------ C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:37:53 68608 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:37:53 55296 --a------ C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:36:45 283648 --a------ C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 00:37:46 62 --ahs---- C:\Documents and Settings\Justin\Application Data\desktop.ini
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 552960 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 471040 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/29/2008 00:47 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 14:01]
"nwiz"="nwiz.exe" [07/29/2008 20:40 C:\WINDOWS\system32\nwiz.exe]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [01/23/2008 18:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [07/09/2008 14:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/16/2008 20:07]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/29/2008 20:37]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [07/29/2008 20:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 14:01]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/29/2008 20:40]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [07/29/2008 20:40]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 19:56]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [07/30/2008 04:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 14:44]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\DAEMON Tools Lite\daemon.exe" [07/17/2008 05:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
"C:\Program Files\WebcamMax\CAMTHINS.exe" /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* -



-- End of Deckard's System Scanner: finished at 2008-07-30 15:48:06 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2047.22 MiB / 1558.58 MiB
Pagefile Memory (total/avail): 3943.35 MiB / 3534.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.35 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149 GiB total, 32.34 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JD-75HBB0 - 149.01 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Justin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JUSTINCOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Justin
LOGONSERVER=\\JUSTINCOMP
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\steam\steamapps\kajiyama\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
USERDOMAIN=JUSTINCOMP
USERNAME=Justin
USERPROFILE=C:\Documents and Settings\Justin
VProject=c:\program files\steam\steamapps\kajiyama\half-life 2 episode two\ep2
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Justin (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Arcanum --> MsiExec.exe /I{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}
Audacity 1.3.5 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audiosurf --> MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
BitComet 1.02 --> C:\Program Files\BitComet\uninst.exe
BODLoader 0.5a --> C:\Codemasters\Severance\BODLoader\unins000.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
DAEMON Tools Toolbar --> C:\Program Files\DAEMON Tools Toolbar\uninst.exe
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Deus Ex --> C:\DeusEx\System\Setup.exe uninstall "Deus Ex"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
File Deleter version 1.0 --> "C:\Program Files\FileDeleter\unins000.exe"
Flash Decompiler Trillix --> "C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
Float32 2.0 --> MsiExec.exe /I{FED34B00-1DA2-4F4C-A3EC-A5F5893F5D86}
FLV Player 2.0, build 24 --> C:\Program Files\FLV Player\uninst.exe
Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe"
Frets on Fire - Alarian mod 2.63b --> C:\PROGRA~1\Alarian\UNWISE.EXE C:\PROGRA~1\Alarian\INSTALL.LOG
GCFScape 1.6.8 --> "C:\Program Files\GCFScape\unins000.exe"
Gears of War --> C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409
GIMP 2.4.6 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
GoldWave v5.23 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.23" "C:\Program Files\GoldWave\unstall.log"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
MapleStory --> MsiExec.exe /I{FF493A32-7886-4C6B-8EDD-9387670E4F93}
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Orbit Downloader --> "C:\Program Files\Orbitdownloader\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Phantasy Star Online Blue Burst 1.0 --> "C:\Program Files\Phantasy Star Online Blue Burst\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Severance: Blade of Darkness --> MsiExec.exe /I{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
The Wonderful End of the World Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/15510
Thermal Analysis Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2C675E-8040-431B-99C4-137DF4FBF75A}\setup.exe" -l0x9 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VTFEdit 1.2.5 --> "C:\Program Files\VTFEdit\unins000.exe"
Wacom Tablet --> C:\Program Files\Tablet\Wacom\Remove.exe /u
WebcamMax --> "C:\Program Files\WebcamMax\uninst.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\3wn5xo6b.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1383 / Success
Event Submitted/Written: 07/30/2008 02:21:19 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1377 / Error
Event Submitted/Written: 07/30/2008 02:14:58 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application lmonitor.exe, version 1.0.0.3, faulting module lmonitor.exe, version 1.0.0.3, fault address 0x00081810.
Processing media-specific event for [lmonitor.exe!ws!]

Event Record #/Type1375 / Error
Event Submitted/Written: 07/30/2008 01:52:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Rtvscan.exe, version 11.0.777.1008, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [Rtvscan.exe!ws!]

Event Record #/Type1373 / Error
Event Submitted/Written: 07/30/2008 01:10:45 AM
Event ID/Source: 74 / Symantec AntiVirus
Event Description:
PTS has generated an error: code 11: description: Whitelist Failure

Event Record #/Type1370 / Warning
Event Submitted/Written: 07/30/2008 00:00:19 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}', feature 'Core' failed during request for component '{30466A58-8174-4ED4-9171-A4D739E84E3A}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2429 / Error
Event Submitted/Written: 07/30/2008 00:48:18 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "Manifest Parse Error : Invalid at the top level of the document.
1" on line Manifest Parse Error : Invalid at the top level of the document.
2.

Event Record #/Type2428 / Error
Event Submitted/Written: 07/30/2008 00:48:16 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Illustrate\dBpoweramp\GetPopupInfo.exe.
Reference error message: The operation completed successfully.
.

Event Record #/Type2427 / Error
Event Submitted/Written: 07/30/2008 00:48:16 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "Manifest Parse Error : Invalid at the top level of the document.
1" on line Manifest Parse Error : Invalid at the top level of the document.
2.

Event Record #/Type2426 / Error
Event Submitted/Written: 07/30/2008 00:48:14 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Illustrate\dBpoweramp\GetPopupInfo.exe.
Reference error message: The operation completed successfully.
.

Event Record #/Type2425 / Error
Event Submitted/Written: 07/30/2008 00:48:14 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "Manifest Parse Error : Invalid at the top level of the document.
1" on line Manifest Parse Error : Invalid at the top level of the document.
2.



-- End of Deckard's System Scanner: finished at 2008-07-30 15:48:06 ------------




Please reply, and soon. Actions I've taken include using my router settings to block port 65520, which, as I understand, is the port used by Virut to connect to the IRC server. I've also run ComboFix, SmitFraudFix, and a MalwareBytes scan, all of which seem to have not even made a dent. I had Norton's Endpoint Protection run a scan, too... but soon after the scan, the Virus Scanning options disappeared from Norton's control panel. When I tried to reinstall, the 'preparing to install' process looped.
I'm at the end of my rope here, but I can't bear to lose the information on this hard drive.

If needed, I can provide instant messaging information.
Thanks in advance. :)
-Justin (panaramic)

P.S.: I realize that some 'unprofessional' content is stored on this computer. If any logs return information about it, please don't make a big deal of it. I've got much more important things to worry about than my decency. :thumbsup:

Edited by panaramic, 30 July 2008 - 06:35 PM.




#2 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
  • Local time:08:38 PM

Posted 09 August 2008 - 08:28 PM

Hi Justin and welcome,

Sorry for the delay as we have been backlogged.

I do not like to be the bearer of bad news, but a Virut infection is a bad one, as you have read.

It destroys almost all exe and scr files, and each file is modified differently, so cleaning is not possible in this case.
Any zipped-up archives with exes or scr files will also be infected.
Disinfection by any AV program can result in the virus being removed, but the exes are damaged beyond repair and won't work afterwards.

Pretty good discussion here about it:
http://forum.kaspersky.com/lofiversion/index.php/t48429.html

I hate to say it but I believe the only way you are going to get your system back is to back up your pics, mp3s, movies, and format/re-install.
Don't back up any exes or zipped-up exes, or you run the risk of infecting the system again.
This will affect all drives.

I suggest you install your XP on the new drive, get it all set up with your drivers, updates, antivirus protection before slaving your infected hard drive to it.

As long as it is slaved and you run nothing from that drive, you should be OK.
You should likely scan the drive first and let your antivirus take out the virus before doing much else, just in case.

You cannot save EXEs (your games), but you can grab your pictures, music & docs OK.
Any zips with exes in them will also be infected so avoid saving those as well.

These pages will also benefit you in setting up protection on your new install:

http://users.telenet.be/bluepatchy/miekiem...prevention.html
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/



Good luck, and let me know how it works out. :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
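Blender's recovery advice above (copy only pictures, music and documents off the slaved drive, leave every exe, scr and zipped exe behind, run nothing from that drive) written out as a small triage script. This is an added example, not code from the thread or from any tool it names; the extension lists, sample paths and the decision to inspect zip listings rather than copy zips blindly are assumptions, and the script only walks, lists and copies files, never executes them.

```python
import os, shutil, tempfile, zipfile
from pathlib import Path
# Assumed lists: data worth recovering vs. code Virut infects (.exe/.scr per thread).
DATA_EXTS = {".jpg", ".png", ".gif", ".mp3", ".wav", ".doc", ".xls", ".pdf", ".txt"}
CODE_EXTS = {".exe", ".scr", ".dll", ".com", ".pif", ".bat", ".cmd", ".vbs"}

def zip_carries_code(path):
    try:
        with zipfile.ZipFile(path) as zf:  # only the listing is read
            return any(Path(n).suffix.lower() in CODE_EXTS for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: treat as unsafe rather than copy it

def classify(path):
    """Outcome for one file from its name or zip listing; nothing is executed."""
    ext = path.suffix.lower()
    if ext in CODE_EXTS:
        return "skipped_code"
    if ext == ".zip":
        return "skipped_archive" if zip_carries_code(path) else "copied"
    return "copied" if ext in DATA_EXTS else "skipped_other"  # .rar etc. stay behind

def recover(src_root, dst_root):
    """Walk the slaved drive (no symlink following), copy only safe data, log the rest."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    report = {k: [] for k in ("copied", "skipped_code", "skipped_archive", "skipped_other")}
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = Path(dirpath) / name
            rel = src.relative_to(src_root).as_posix()
            if (outcome := classify(src)) == "copied":
                (dst_root / rel).parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, dst_root / rel)
            report[outcome].append(rel)
    return report

def demo_run():
    """Constructed stand-in for the old drive, built in a temp dir; returns the report."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "old_drive"), Path(tmp, "new_drive")
        for rel in ("pics/holiday.jpg", "docs/thesis.doc", "games/setup.exe", "old.rar"):
            (old / rel).parent.mkdir(parents=True, exist_ok=True)
            (old / rel).write_bytes(b"constructed sample content")
        with zipfile.ZipFile(old / "game_backup.zip", "w") as zf:
            zf.writestr("installer.exe", b"constructed")  # zipped exe: left behind
        with zipfile.ZipFile(old / "essays.zip", "w") as zf:
            zf.writestr("essay.txt", b"constructed")  # no code inside: copied
        report = recover(old, new)
        report["on_new_drive"] = sorted(p.relative_to(new).as_posix() for p in new.rglob("*") if p.is_file())
        return report
```

The returned report is the operator's log: review the skipped lists before deciding anything else about the old drive, and point `recover()` at the real slaved drive only after the new install is fully patched and protected, as the post above says.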

#3 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
  • Local time:08:38 PM

Posted 17 August 2008 - 12:26 AM

Hello,

Due to lack of feedback, this topic is now closed.
If you need it re-opened, please PM me.

All others, please begin a new topic.

Thanks,

Blender



