Windows No disk
My problem is this... At startup this text box appears: "Windows-No Disk" "Exception Processing Message c0000013 Parameters 75b6bf9c 475b6bf9c 756bf9c". My desktop is blank even after I click the Continue button. I can only access my programs by pressing Ctrl+Alt+Del and then the New Task button. A virus caused this: "win32\herleq", "virumonde", "win32.small.azl". I already cleaned my computer with CA eztrust av and Spybot, but I still have the problem. Please help.
I am on Windows XP SP2. (grin)
Comments
First I'd like to see what you have there.
Please do the following...
Download Deckard's System Scanner (DSS)
Attention: You must be logged onto an account with administrator privileges.
The error message is gone but my desktop is still not okay. It shows for about 15 secs then goes blank, sometimes it does this on-off display 2-3 times and goes blank. Here are the log files I copied. Thank you once again..:)
main file..
Deckard's System Scanner v20071014.68
Run by Maimai on 2008-04-03 17:08:26
Computer is in Normal Mode.
-- System Restore
-- Last 5 Restore Point(s) --
24: 2008-04-03 06:31:56 UTC - RP641 - Deckard's System Scanner Restore Point
23: 2008-04-02 11:42:56 UTC - RP640 - Advanced WindowsCare RestorePoint
22: 2008-04-02 11:33:41 UTC - RP639 - Removed ErrorDoctor
21: 2008-04-02 11:33:21 UTC - RP638 - Installed ErrorDoctor
20: 2008-04-02 11:31:41 UTC - RP637 - Configured ErrorDoctor
-- First Restore Point --
1: 2008-04-01 14:06:59 UTC - RP618 - RegCure Backup
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 2.07 GiB (less than 15%) free.
-- HijackThis Clone
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-03 17:12:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SatSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Documents and Settings\Maimai\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} - C:\WINDOWS\system32\fccATkKb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BBC3548B-A6CF-43EE-B463-C898BB52C74F} - C:\WINDOWS\system32\ssqqOheB.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} () - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: fccATkKb - C:\WINDOWS\system32\fccATkKb.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\system32\winmfu32.dll (file missing)
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
--
End of file - 11905 bytes
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ALIEHCD (ALi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ALi Corporation; ALi Ehci Host Controller Driver>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ALi Corporation; ALi Roothub Driver for USB2.0>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (PADUS ASPI SHELL) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S2 ousbehci (NEC PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 cwrwdm (SoundFusion(tm) WDM Driver) - c:\windows\system32\drivers\cwrwdm.sys <Not Verified; Crystal Semiconductor Corp.; Crystal CS4281>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
S3 USB_RNDIS_XP (Westell WireSpeed Dual Connect Modem) - c:\windows\system32\drivers\usb8023.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 ekrn (Eset Service) - "c:\program files\eset\eset smart security\ekrn.exe" <Not Verified; ESET; ESET Smart Security>
R2 Steganos AntiTheft - c:\windows\system32\\satsrv.exe
R2 UxTuneUp (TuneUp Theme Extension) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2008-04-03 17:00:06 440 --a C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-02 20:20:23 412 --a C:\WINDOWS\Tasks\AwcProUpdate.job
2008-04-02 19:41:35 400 --a C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job
2008-03-28 17:15:46 378 --a C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-03-28 13:10:10 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-19 23:36:56 374 --a C:\WINDOWS\Tasks\RegCure.job
-- Files created between 2008-03-03 and 2008-04-03
2008-04-02 22:05:17 494352 --a C:\WINDOWS\system32\SHDOC401.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-02 22:05:17 356352 --a C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-04-02 22:05:17 81920 --a C:\WINDOWS\system32\ESELLERATECONTROL350.DLL <Not Verified; eSellerate Inc.; eSellerate ActiveX Control>
2008-04-02 22:05:11 0 d C:\Program Files\1 Click PC Fix 2007
2008-04-02 19:39:26 10049 --a C:\WINDOWS\msvrc20.dll
2008-04-02 19:39:23 0 d C:\Program Files\IObit
2008-04-02 19:36:09 0 d--hs---- C:\Documents and Settings\Maimai\Recent
2008-04-02 17:07:41 0 d C:\Documents and Settings\Maimai\Application Data\ESET
2008-04-02 16:48:35 0 d C:\Documents and Settings\All Users\Application Data\ESET
2008-04-02 13:21:31 0 d C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-04-02 12:09:13 0 d C:\Program Files\Windows Doctor
2008-04-01 14:05:47 35840 --a C:\WINDOWS\system32\rqRKbxyY.dll
2008-04-01 13:56:04 35840 --a C:\WINDOWS\system32\vtUonoOi.dll
2008-04-01 13:54:45 35840 --a C:\WINDOWS\system32\hgGwwxUm.dll
2008-04-01 13:47:09 35840 --a C:\WINDOWS\system32\awtsQKcd.dll
2008-04-01 13:46:46 35840 --a C:\WINDOWS\system32\awtsQIBt.dll
2008-04-01 11:17:40 0 d C:\Program Files\CA Yahoo! Anti-Spy
2008-03-31 23:00:19 0 d C:\Program Files\EsetOnlineScanner
2008-03-31 21:13:10 81984 --a C:\WINDOWS\system32\bdod.bin
2008-03-31 21:05:47 0 d C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-31 20:59:52 0 d C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-31 01:09:48 0 d C:\Documents and Settings\Maimai\Application Data\Grisoft
2008-03-31 01:09:10 0 d C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 09:54:23 0 d C:\WINDOWS\pss
2008-03-29 15:42:55 162231 --ahs---- C:\WINDOWS\system32\BehOqqss.ini2
2008-03-29 15:42:41 268288 --a C:\WINDOWS\system32\ssqqOheB.dll
2008-03-29 15:39:10 39424 --a C:\WINDOWS\system32\byXOgHYp.dll
2008-03-29 15:37:34 39424 --a C:\WINDOWS\system32\fccATkKb.dll
2008-03-27 23:44:57 0 d C:\Documents and Settings\Administrator\Application Data\Publish Providers
2008-03-27 23:44:05 0 d C:\Documents and Settings\Administrator\Application Data\Sony
2008-03-26 18:43:40 0 d C:\Vdefs
2008-03-26 12:37:09 36352 --a C:\WINDOWS\system32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-26 11:40:14 0 d C:\Program Files\Sony Setup
2008-03-25 23:58:33 0 d C:\Documents and Settings\Maimai\Application Data\BitComet Turbo
2008-03-25 19:18:02 0 d C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-25 11:51:18 406016 --a C:\WINDOWS\system32\PSDrvCheck.exe
2008-03-23 20:30:16 0 d C:\WINDOWS\WinAVI Video Converter 9.0
2008-03-23 20:30:15 0 d C:\Program Files\WinAVI Video Converter 9.0
2008-03-22 14:49:01 0 d C:\WINDOWS\system32\Quicktime
2008-03-22 14:48:59 0 d C:\Program Files\SmartSound Software
2008-03-22 14:34:28 294912 n--- C:\WINDOWS\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2008-03-21 23:14:18 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 16:39:41 78184 --a C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-21 00:44:25 0 d C:\Documents and Settings\All Users\Application Data\Watermark Factory
2008-03-21 00:43:17 0 d C:\Program Files\Watermark Factory 2
2008-03-20 22:58:58 22040 ---h C:\Documents and Settings\Administrator\Application Data\addon.dat
2008-03-19 23:27:01 0 d C:\Program Files\RegCure
2008-03-19 20:12:49 0 d--h C:\Program Files\windows_updates
2008-03-19 20:12:48 22040 ---h C:\Documents and Settings\Maimai\Application Data\addon.dat
2008-03-19 14:59:28 0 d C:\Program Files\DivX
2008-03-18 21:34:38 0 d C:\Documents and Settings\Maimai\Application Data\UseNeXT
2008-03-18 21:34:09 0 d--h C:\WINDOWS\windows
2008-03-17 19:42:51 0 d C:\Program Files\GoldWave
2008-03-16 11:03:39 2019 --a C:\WINDOWS\NewRecorder.reg
2008-03-16 11:03:07 0 d C:\Program Files\Steinberg
2008-03-16 11:02:31 0 d C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 13:02:26 221184 --a C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-03-15 13:02:24 0 d C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-15 09:30:58 0 d C:\Program Files\Common Files\SureThing Shared
2008-03-15 09:20:38 0 d C:\Program Files\proDAD
2008-03-14 11:49:08 5272 --a C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-14 00:23:27 0 d C:\temp
2008-03-12 13:23:08 0 d C:\Documents and Settings\Maimai\Application Data\InstallShield
2008-03-11 21:15:28 0 d C:\Program Files\AdorageI-SAL
2008-03-11 12:27:19 0 d--hs---- C:\WINDOWS\CSC
2008-03-11 12:12:12 1577045 --a C:\WINDOWS\system32\SaFireU.dll <Not Verified; Pinnacle Systems, Inc.; SaFire Unicode Video Processing DLL>
2008-03-11 12:12:11 32256 --a C:\WINDOWS\system32\pcleUtil.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Utilities>
2008-03-11 12:12:11 102400 --a C:\WINDOWS\system32\pcleSplice.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Splice Module>
2008-03-11 12:12:11 192512 --a C:\WINDOWS\system32\pcleIScl.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Image Scaler>
2008-03-11 12:12:11 114688 n--- C:\WINDOWS\system32\pcleDVdc.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle DV Decoder>
2008-03-11 12:12:11 90112 n--- C:\WINDOWS\system32\pcleDVcd.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle DV Encoder>
2008-03-11 12:12:11 90112 n--- C:\WINDOWS\system32\pcleADV.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Audio DV>
2008-03-11 12:12:11 262144 --a C:\WINDOWS\system32\MP4FileLib.dll <Not Verified; dicas digital image coding GmbH; mpegable MP4FileLib>
2008-03-11 12:12:11 94208 --a C:\WINDOWS\system32\gbtoolsu.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:11 41984 --a C:\WINDOWS\system32\futilu.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:11 172032 --a C:\WINDOWS\system32\fileiou.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:11 86016 --a C:\WINDOWS\system32\DVResampleru.dll
2008-03-11 12:12:11 778240 --a C:\WINDOWS\system32\dvframes.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:10 1372160 --a C:\WINDOWS\system32\dsio.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:10 1191936 --a C:\WINDOWS\system32\dialogsu.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:10 102400 --a C:\WINDOWS\system32\CSCSaFX.dll <Not Verified; Pinnacle Systems GmbH; CSCnvrt>
2008-03-11 12:12:10 876544 n--- C:\WINDOWS\system32\CSCnvrtX.dll <Not Verified; Pinnacle Systems GmbH; CSCnvrt>
2008-03-11 12:12:10 90112 n--- C:\WINDOWS\system32\ACnvrtX.dll <Not Verified; Pinnacle Systems GmbH; Audio Converter>
2008-03-11 12:05:29 0 d C:\Program Files\BIAS
2008-03-11 12:03:09 0 d C:\Documents and Settings\Maimai\Application Data\proDAD
2008-03-10 19:36:57 1712128 --a C:\WINDOWS\system32\GDIPLUS.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-10 19:28:01 0 d C:\WINDOWS\system32\URTTEMP
2008-03-10 19:24:29 14165 n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-03-10 19:24:15 171520 --a C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
2008-03-10 19:20:51 0 d C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-03-10 19:16:45 0 d C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-09 20:42:47 0 d C:\Program Files\LimeWire Ultra Accelerator
2008-03-09 11:48:58 0 d C:\Program Files\BT Engine
2008-03-09 11:30:51 0 d C:\Program Files\LimeWire Acceleration Patch
2008-03-06 20:05:22 0 d C:\Program Files\Alcohol Soft
2008-03-06 20:02:10 715248 --a C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 21:17:46 0 d C:\Program Files\LimeWire Turbo Accelerator
2008-03-05 12:46:44 0 d C:\Program Files\GlobalSCAPE
2008-03-03 13:18:45 0 d C:\Documents and Settings\Maimai\Application Data\Rainlendar
2008-03-03 13:18:41 0 d C:\Program Files\Rainlendar
-- Find3M Report
2008-04-03 17:11:12 0 d C:\Program Files\FlashGet
2008-04-02 19:33:41 0 d--h C:\Program Files\InstallShield Installation Information
2008-04-01 11:54:01 0 d C:\Program Files\Common Files
2008-04-01 11:17:41 0 d C:\Program Files\Common Files\Scanner
2008-04-01 11:17:32 0 d C:\Program Files\Yahoo!
2008-03-31 21:02:50 0 d C:\Program Files\CA
2008-03-30 23:40:18 0 d C:\Program Files\Movie Maker
2008-03-30 19:09:01 0 d C:\Program Files\GameHouse
2008-03-30 19:01:00 0 d C:\Program Files\Clock Tray Skins
2008-03-30 10:59:23 0 d C:\Program Files\MSXML 4.0
2008-03-29 19:52:20 0 d C:\Program Files\TuneUp Utilities 2008
2008-03-28 11:37:09 0 d C:\Program Files\PowerISO
2008-03-27 12:28:47 0 d C:\Documents and Settings\Maimai\Application Data\LimeWire
2008-03-26 11:43:04 0 d C:\Program Files\Vstplugins
2008-03-25 19:02:58 0 d C:\Program Files\Pinnacle Systems
2008-03-25 08:43:44 0 d C:\Program Files\Pinnacle
2008-03-25 01:45:56 95 --a C:\AUTOEXEC.BAT
2008-03-16 11:02:02 0 d C:\Program Files\Common Files\InstallShield
2008-03-15 23:32:10 0 d C:\Documents and Settings\Maimai\Application Data\Vso
2008-03-15 23:32:09 668 --a C:\Documents and Settings\Maimai\Application Data\vso_ts_preview.xml
2008-03-14 11:58:30 72074 --a C:\WINDOWS\BricoPackUninst.cmd
2008-03-12 08:37:08 0 d C:\Documents and Settings\Maimai\Application Data\Adobe
2008-03-11 22:34:35 0 d C:\Program Files\Common Files\Adobe
2008-03-11 11:15:31 0 d C:\Program Files\Conduit
2008-03-06 12:55:15 0 d C:\Program Files\Do It Again
2008-02-27 23:39:44 0 d C:\Documents and Settings\Maimai\Application Data\Thinstall
2008-02-27 12:51:42 0 d C:\Program Files\LimeWire
2008-02-25 22:20:47 0 d C:\Program Files\Sony
2008-02-24 19:57:36 0 d C:\Documents and Settings\Maimai\Application Data\Sony
2008-02-23 21:06:29 0 d C:\Program Files\MIKSOFT
2008-02-22 19:28:23 0 d C:\Program Files\Audio Editor Gold
2008-02-21 12:15:51 0 d C:\Program Files\VASST
2008-02-19 18:00:10 0 d C:\Program Files\Microsoft.NET
2008-02-19 17:59:55 0 d C:\Program Files\Microsoft SQL Server
2008-02-17 23:50:44 0 d C:\Documents and Settings\Maimai\Application Data\Publish Providers
2008-02-17 20:18:21 0 d C:\Program Files\MSBuild
2008-02-17 20:09:46 0 d C:\Program Files\Reference Assemblies
2008-02-17 04:39:07 0 d C:\Documents and Settings\Maimai\Application Data\Sony Setup
2008-02-16 13:36:36 0 d C:\Program Files\Common Files\Digidesign
2008-02-16 13:33:01 0 d C:\Program Files\SafeNet Sentinel
2008-02-16 13:33:01 0 d C:\Program Files\Common Files\SafeNet Sentinel
2008-02-13 14:13:26 0 d C:\Program Files\Common Files\Macrovision Shared
2008-02-11 13:12:38 0 d C:\Documents and Settings\Maimai\Application Data\Sun
2008-02-11 09:39:26 253952 --a C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:07:29 0 d C:\Documents and Settings\Maimai\Application Data\LEAPS
2008-02-11 08:46:15 0 d C:\Documents and Settings\Maimai\Application Data\Pegasys Inc
2008-02-11 07:38:24 56976 --a C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2008-02-11 07:38:24 122512 --a C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2008-02-11 07:37:19 0 d C:\Documents and Settings\Maimai\Application Data\LightZone
2008-02-10 20:28:26 0 d C:\Program Files\Common Files\eSellerate
2008-02-10 20:28:22 0 d C:\Program Files\LightZone 3
2008-02-09 19:14:26 0 d C:\Documents and Settings\Maimai\Application Data\Ahead
2008-02-09 15:11:36 0 d C:\Documents and Settings\Maimai\Application Data\Skype
2008-02-09 13:59:15 0 d C:\Documents and Settings\Maimai\Application Data\TuneUp Software
2008-02-09 13:57:33 0 d C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 01:48:04 0 d C:\Program Files\DiskTrix
2008-02-08 20:27:12 0 d C:\Program Files\LucasArts
2008-02-08 19:23:11 0 d C:\Documents and Settings\Maimai\Application Data\MixMeister Technology
2008-02-08 13:53:46 110592 --a C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 12:19:53 0 d C:\Program Files\VSO
2008-02-05 08:48:04 77824 --a C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-02-05 08:32:09 34 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.log
2008-02-05 08:32:01 47360 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-05 08:32:01 1144 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.inf
2008-02-05 08:32:01 7887 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.cat
2008-02-04 08:22:09 0 d C:\Program Files\CBS Software
2008-02-04 08:17:02 0 d C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-02-04 03:47:54 0 d C:\Documents and Settings\Maimai\Application Data\AdobeUM
2008-02-03 16:12:24 0 d C:\Program Files\Java
2008-02-03 15:01:45 0 d C:\Program Files\Common Files\Java
2008-02-03 12:55:48 0 d C:\Documents and Settings\Maimai\Application Data\ppstream
2008-02-03 12:55:11 0 d C:\Documents and Settings\Maimai\Application Data\BITS
2008-02-03 10:22:51 0 d C:\Program Files\DAMN NFO Viewer
2008-01-30 13:53:06 218624 --a C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-27 08:54:39 1158 --a C:\WINDOWS\mozver.dat
2008-01-21 14:06:06 0 --a C:\WINDOWS\nsreg.dat
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}]
03/29/2008 03:37 PM 39424 --a C:\WINDOWS\system32\fccATkKb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1427A821-7B93-4F08-9A34-9FA03A3D93DB}]
03/08/2007 07:02 PM 20480 --a C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBC3548B-A6CF-43EE-B463-C898BB52C74F}]
03/29/2008 03:42 PM 268288 --a C:\WINDOWS\system32\ssqqOheB.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05/05/2003 10:57 PM]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [05/09/2003 01:34 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 04:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/22/2005 06:44 AM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [01/07/2006 07:39 AM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [01/07/2006 03:57 AM]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [04/01/2008 06:19 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/01/2008 04:54 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"NoSMHelp"=01000000
"NoRecentDocsMenu"=01000000
"ClearRecentDocsOnExit"=01000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=00000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoLogoff"=0 (0x0)
"NoActiveDesktopChanges"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\WINDOWS\system32\fccATkKb.dll [03/29/2008 03:37 PM 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccATkKb]
fccATkKb.dll 03/29/2008 03:37 PM 39424 C:\WINDOWS\system32\fccATkKb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 04/28/2007 02:10 AM 18744 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
winmfu32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqqOheB
"Notification Packages"= :\WINDOWS\syste
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Help]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
"C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\bootcd\wintools\autorun.exe
-- Hosts
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
6776 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-03 17:13:11
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.53GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 503.48 MiB / 186.85 MiB
Pagefile Memory (total/avail): 1226.88 MiB / 935.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.11 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 2.07 GiB free.
D: is CDROM (No Media)
W: is Fixed (FAT32) - 4.41 GiB total, 0.64 GiB free.
Y: is Fixed (NTFS) - 14.65 GiB total, 0.02 GiB free.
\\.\PHYSICALDRIVE0 - WDC WD400BB-60DGA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:
\\.\PHYSICALDRIVE1 - ST320423 A USB Device - 19.07 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 14.65 GiB - Y:
\PARTITION1 - Extended w/Extended Int 13 - 4.42 GiB - W:
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Bitdefender Firewall v8.0 (Softwin) Disabled
FW: ESET Personal firewall v3.0.645.0 (ESET, spol. s r. o.)
AV: Bitdefender Antivirus v8.0 (Softwin) Disabled
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"="C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe:*:Enabled:UltimateDefrag V1.64"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win22.exe"="C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win22.exe:*:Enabled:win22"
"C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win3D.exe"="C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win3D.exe:*:Enabled:win3D"
"C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win56.exe"="C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win56.exe:*:Enabled:win56"
"C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win6F.exe"="C:\\DOCUME~1\\Maimai\\LOCALS~1\\Temp\\win6F.exe:*:Enabled:win6F"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Maimai\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPAQHEARTY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Maimai
LOGONSERVER=\\COMPAQHEARTY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Common Files\Avid;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Maimai\LOCALS~1\Temp
TMP=C:\DOCUME~1\Maimai\LOCALS~1\Temp
USERDOMAIN=COMPAQHEARTY
USERNAME=Maimai
USERPROFILE=C:\Documents and Settings\Maimai
windir=C:\WINDOWS
-- User Profiles
Maimai (admin)
Administrator (admin)
-- Add/Remove Programs
'Full Speed' Internet Booster + Performance Tests --> "C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests\uninstall.exe" "/U:C:\Program Files\'Full Speed' Internet Booster + Performance Tests\Uninstall\uninstall.xml"
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1 Click PC Fix 2007 v3.2 --> "C:\Program Files\1 Click PC Fix 2007\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Premiere Elements 4.0 --> MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Advanced WindowsCare Pro 2.6.0 --> "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\unins000.exe"
ALi USB2.0 Driver --> C:\WINDOWS\System32\UnUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audio Editor Gold v9.2.19.1 --> "C:\Program Files\Audio Editor Gold\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BellSouth Internet Security - Alert Manager 1.3.20 --> "C:\Program Files\BellSouth\Alert Manager\unins000.exe"
Bias Sound Soap 2 DX RTAS VST v2.01 --> C:\PROGRA~1\BIAS\Bias\BIASSO~1\UNWISE.EXE C:\PROGRA~1\BIAS\Bias\BIASSO~1\INSTALL.LOG
BT Engine 5.04 --> "C:\Program Files\BT Engine\unins000.exe"
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CloneDVD 4.1.0.2 --> "C:\Program Files\CloneDVD\unins000.exe"
ConvertXtoDVD 2.99.11.700 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Disc API --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03E59DFB-6D65-4953-8996-4F0CCB5288F4}\setup.exe" -l0x9
Disc2Phone --> MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ESET Smart Security --> MsiExec.exe /I{6ECB944F-D027-4E8A-9906-70E77C005AD5}
eXPert PDF Editor Professional Edition --> MsiExec.exe /X{81842701-A0EB-4C9B-8553-0E201F46C567}
EZ Movie & Photo Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B4227A-CA3A-4516-9E93-D419ECEE2834}\Setup.exe" -l0x9 UNINSTALL
FastAccess® DSL Help Center 4.1 --> "C:\Program Files\Bellsouth\HelpCenter40b\unins000.exe"
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Floppy Image 2.3.2 --> "C:\Program Files\Floppy Image\unins000.exe"
GoldWave v5.23 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.23" "C:\Program Files\GoldWave\unstall.log"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.7.0 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lightroom --> MsiExec.exe /I{6297F8EC-D821-4B33-B845-8A8D1A0DF472}
LightZone 3.4 --> C:\Program Files\LightZone 3\uninstall.exe
LimeWire PRO 4.17.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Image Composer 1.5 --> C:\Program Files\Microsoft Image Composer\setup\acmsetup.exe /t setup.stf
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XML Parser and SDK --> MsiExec.exe /I{35343FF7-939B-401A-87B3-FF90A5123D88}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MIKSOFT Mobile Media Converter --> "C:\Program Files\MIKSOFT\Mobile Media Converter\unins000.exe"
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Maimai\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle USB device drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}\setup.exe" -l0x9
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Rainlendar (remove only) --> "C:\Program Files\Rainlendar\uninst.exe"
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Sentinel Protection Installer 7.0.0 --> MsiExec.exe /I{547D4265-AF45-42E9-A62A-C58182AA35B9}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony DVD Architect Pro 4.5 --> MsiExec.exe /X{5E9C5450-8011-41E0-8725-4F0BD66B81AE}
Sony Media Manager 2.3 --> MsiExec.exe /X{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpeedConnect Internet Accelerator v.7.0 --> "C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\unins000.exe"
Steganos Security Suite 2007 --> C:\Program Files\Steganos Security Suite 2007\uninstall.exe
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Studio 9.3 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UltimateDefrag --> C:\Program Files\DiskTrix\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag"
Unlocker 1.8.4 --> C:\Program Files\Unlocker\uninst.exe
USB 2.0 PC CAMERA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
USB PHONE BLR version 3.4.0.7 --> "C:\Program Files\USB PHONE BLR\unins000.exe"
VASST Ultimate S2 2.1.1 --> C:\Program Files\VASST\Ultimate S2\uninst.exe
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO Image Resizer 1.3.4d --> "C:\Program Files\VSO\Image Resizer\unins000.exe"
Watermark Factory 2 --> "C:\Program Files\Watermark Factory 2\unins000.exe"
Web Page Maker V2.3 --> "C:\Program Files\Web Page Maker V2\unins000.exe"
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Doctor 1.7 --> "C:\Program Files\Windows Doctor\1.7\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}
-- Application Event Log
Event Record #/Type13504 / Error
Event Submitted/Written: 04/03/2008 05:01:16 PM
Event ID/Source: 17204 / MSSQL$SONY_MEDIAMGR2
Event Description:
FCB::Open failed: Could not open file C:\Documents and Settings\Maimai\My Documents\Sony Media Libraries\Default.medialib for file number 0. OS error: 5(Access is denied.).
Event Record #/Type13503 / Error
Event Submitted/Written: 04/03/2008 05:01:16 PM
Event ID/Source: 17207 / MSSQL$SONY_MEDIAMGR2
Event Description:
FCB::Open: Operating system error 5(Access is denied.) occurred while creating or opening file 'C:\Documents and Settings\Maimai\My Documents\Sony Media Libraries\Default.medialib'. Diagnose and correct the operating system error, and retry the operation.
Event Record #/Type13466 / Warning
Event Submitted/Written: 04/03/2008 04:56:15 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Event Record #/Type13465 / Warning
Event Submitted/Written: 04/03/2008 04:56:15 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80080005.
Event Record #/Type13464 / Warning
Event Submitted/Written: 04/03/2008 04:55:45 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type23690 / Error
Event Submitted/Written: 04/03/2008 01:30:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%126
Event Record #/Type23687 / Error
Event Submitted/Written: 04/03/2008 01:30:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%126
Event Record #/Type23684 / Error
Event Submitted/Written: 04/03/2008 01:30:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%126
Event Record #/Type23676 / Error
Event Submitted/Written: 04/03/2008 11:43:02 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} did not register with DCOM within the required timeout.
Event Record #/Type23675 / Error
Event Submitted/Written: 04/03/2008 11:42:32 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Event Notification service terminated with the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-04-03 17:13:11
Your System Drive has less than 15% free disk space. Maybe it would be time to buy a new HD?
===============================================
Please download ComboFix from Here or Here to your Desktop.
* In the event you already have Combofix, this is a new version that I need you to download.
* It is important that it is saved directly to your desktop.
Warning: You should not use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.
Yeah, it's full. I've no money yet. I'm going to burn my files to get some free space. Here are the lists... Thank you...
Deckard's System Scanner v20071014.68
Run by Maimai on 2008-04-05 08:32:08
Computer is in Normal Mode.
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 1.97 GiB (less than 15%) free.
-- HijackThis Clone
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-05 08:32:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Maimai\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} - C:\WINDOWS\system32\fccATkKb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {50BF25FC-1B3B-4D90-8829-91E17A0DA4ED} - C:\WINDOWS\system32\ssqqOheB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} () - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: fccATkKb - C:\WINDOWS\system32\
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\system32\winmfu32.dll (file missing)
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
--
End of file - 11810 bytes
-- Files created between 2008-03-05 and 2008-04-05
2008-04-02 22:05:17 494352 --a C:\WINDOWS\system32\SHDOC401.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-02 22:05:17 356352 --a C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-04-02 22:05:17 81920 --a C:\WINDOWS\system32\ESELLERATECONTROL350.DLL <Not Verified; eSellerate Inc.; eSellerate ActiveX Control>
2008-04-02 22:05:11 0 d C:\Program Files\1 Click PC Fix 2007
2008-04-02 19:39:26 10049 --a C:\WINDOWS\msvrc20.dll
2008-04-02 19:39:23 0 d C:\Program Files\IObit
2008-04-02 19:36:09 0 d--hs---- C:\Documents and Settings\Maimai\Recent
2008-04-02 17:07:41 0 d C:\Documents and Settings\Maimai\Application Data\ESET
2008-04-02 16:48:35 0 d C:\Documents and Settings\All Users\Application Data\ESET
2008-04-02 13:21:31 0 d C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-04-02 12:09:13 0 d C:\Program Files\Windows Doctor
2008-04-01 14:05:47 35840 --a C:\WINDOWS\system32\rqRKbxyY.dll
2008-04-01 13:56:04 35840 --a C:\WINDOWS\system32\vtUonoOi.dll
2008-04-01 13:54:45 35840 --a C:\WINDOWS\system32\hgGwwxUm.dll
2008-04-01 13:47:09 35840 --a C:\WINDOWS\system32\awtsQKcd.dll
2008-04-01 13:46:46 35840 --a C:\WINDOWS\system32\awtsQIBt.dll
2008-04-01 11:17:40 0 d C:\Program Files\CA Yahoo! Anti-Spy
2008-03-31 23:00:19 0 d C:\Program Files\EsetOnlineScanner
2008-03-31 21:13:10 81984 --a C:\WINDOWS\system32\bdod.bin
2008-03-31 21:05:47 0 d C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-31 20:59:52 0 d C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-31 01:09:48 0 d C:\Documents and Settings\Maimai\Application Data\Grisoft
2008-03-31 01:09:10 0 d C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 09:54:23 0 d C:\WINDOWS\pss
2008-03-29 15:42:55 164702 --ahs---- C:\WINDOWS\system32\BehOqqss.ini2
2008-03-29 15:42:41 268288 --a C:\WINDOWS\system32\ssqqOheB.dll
2008-03-29 15:39:10 39424 --a C:\WINDOWS\system32\byXOgHYp.dll
2008-03-29 15:37:34 39424 --a C:\WINDOWS\system32\fccATkKb.dll
2008-03-27 23:44:57 0 d C:\Documents and Settings\Administrator\Application Data\Publish Providers
2008-03-27 23:44:05 0 d C:\Documents and Settings\Administrator\Application Data\Sony
2008-03-26 18:43:40 0 d C:\Vdefs
2008-03-26 12:37:09 36352 --a C:\WINDOWS\system32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-26 11:40:14 0 d C:\Program Files\Sony Setup
2008-03-25 23:58:33 0 d C:\Documents and Settings\Maimai\Application Data\BitComet Turbo
2008-03-25 19:51:42 458112 --a C:\WINDOWS\system32\drivers\MarvinUsb.sys <Not Verified; Pinnacle Systems; Pinnacle Marvin Series>
2008-03-25 19:18:02 0 d C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-25 11:51:18 406016 --a C:\WINDOWS\system32\PSDrvCheck.exe
2008-03-23 20:30:16 0 d C:\WINDOWS\WinAVI Video Converter 9.0
2008-03-23 20:30:15 0 d C:\Program Files\WinAVI Video Converter 9.0
2008-03-22 14:49:01 0 d C:\WINDOWS\system32\Quicktime
2008-03-22 14:48:59 0 d C:\Program Files\SmartSound Software
2008-03-22 14:34:28 294912 --a C:\WINDOWS\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2008-03-21 23:14:18 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 16:39:41 78184 --a C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-21 00:44:25 0 d C:\Documents and Settings\All Users\Application Data\Watermark Factory
2008-03-21 00:43:17 0 d C:\Program Files\Watermark Factory 2
2008-03-20 22:58:58 22040 ---h C:\Documents and Settings\Administrator\Application Data\addon.dat
2008-03-19 23:27:01 0 d C:\Program Files\RegCure
2008-03-19 20:12:49 0 d--h C:\Program Files\windows_updates
2008-03-19 20:12:48 22040 ---h C:\Documents and Settings\Maimai\Application Data\addon.dat
2008-03-19 14:59:28 0 d C:\Program Files\DivX
2008-03-18 21:34:38 0 d C:\Documents and Settings\Maimai\Application Data\UseNeXT
2008-03-18 21:34:09 0 d--h C:\WINDOWS\windows
2008-03-17 19:42:51 0 d C:\Program Files\GoldWave
2008-03-16 11:03:39 2019 --a C:\WINDOWS\NewRecorder.reg
2008-03-16 11:03:07 0 d C:\Program Files\Steinberg
2008-03-16 11:02:31 0 d C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 13:02:26 221184 --a C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-03-15 13:02:24 0 d C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-15 09:30:58 0 d C:\Program Files\Common Files\SureThing Shared
2008-03-15 09:20:38 0 d C:\Program Files\proDAD
2008-03-14 11:49:08 5272 --a C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-14 00:23:27 0 d C:\temp
2008-03-12 13:23:08 0 d C:\Documents and Settings\Maimai\Application Data\InstallShield
2008-03-11 21:15:28 0 d C:\Program Files\AdorageI-SAL
2008-03-11 12:27:19 0 d--hs---- C:\WINDOWS\CSC
2008-03-11 12:12:12 1577045 --a C:\WINDOWS\system32\SaFireU.dll <Not Verified; Pinnacle Systems, Inc.; SaFire Unicode Video Processing DLL>
2008-03-11 12:12:11 32256 --a C:\WINDOWS\system32\pcleUtil.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Utilities>
2008-03-11 12:12:11 102400 --a C:\WINDOWS\system32\pcleSplice.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Splice Module>
2008-03-11 12:12:11 192512 --a C:\WINDOWS\system32\pcleIScl.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Image Scaler>
2008-03-11 12:12:11 114688 --a C:\WINDOWS\system32\pcleDVdc.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle DV Decoder>
2008-03-11 12:12:11 90112 --a C:\WINDOWS\system32\pcleDVcd.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle DV Encoder>
2008-03-11 12:12:11 90112 --a C:\WINDOWS\system32\pcleADV.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Audio DV>
2008-03-11 12:12:11 262144 --a C:\WINDOWS\system32\MP4FileLib.dll <Not Verified; dicas digital image coding GmbH; mpegable MP4FileLib>
2008-03-11 12:12:11 94208 --a C:\WINDOWS\system32\gbtoolsu.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:11 41984 --a C:\WINDOWS\system32\futilu.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:11 172032 --a C:\WINDOWS\system32\fileiou.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:11 86016 --a C:\WINDOWS\system32\DVResampleru.dll
2008-03-11 12:12:11 778240 --a C:\WINDOWS\system32\dvframes.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:10 1372160 --a C:\WINDOWS\system32\dsio.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:10 1191936 --a C:\WINDOWS\system32\dialogsu.dll <Not Verified; Pinnacle Systems; Studio>
2008-03-11 12:12:10 102400 --a C:\WINDOWS\system32\CSCSaFX.dll <Not Verified; Pinnacle Systems GmbH; CSCnvrt>
2008-03-11 12:12:10 876544 --a C:\WINDOWS\system32\CSCnvrtX.dll <Not Verified; Pinnacle Systems GmbH; CSCnvrt>
2008-03-11 12:12:10 90112 --a C:\WINDOWS\system32\ACnvrtX.dll <Not Verified; Pinnacle Systems GmbH; Audio Converter>
2008-03-11 12:05:29 0 d C:\Program Files\BIAS
2008-03-11 12:03:09 0 d C:\Documents and Settings\Maimai\Application Data\proDAD
2008-03-10 19:36:57 1712128 --a C:\WINDOWS\system32\GDIPLUS.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-10 19:28:01 0 d C:\WINDOWS\system32\URTTEMP
2008-03-10 19:24:29 14165 n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-03-10 19:24:15 171520 --a C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
2008-03-10 19:20:51 0 d C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-03-10 19:16:45 0 d C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-09 20:42:47 0 d C:\Program Files\LimeWire Ultra Accelerator
2008-03-09 11:48:58 0 d C:\Program Files\BT Engine
2008-03-09 11:30:51 0 d C:\Program Files\LimeWire Acceleration Patch
2008-03-06 20:05:22 0 d C:\Program Files\Alcohol Soft
2008-03-06 20:02:10 715248 --a C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 21:17:46 0 d C:\Program Files\LimeWire Turbo Accelerator
2008-03-05 12:46:44 0 d C:\Program Files\GlobalSCAPE
-- Find3M Report
2008-04-05 08:31:52 0 d C:\Program Files\FlashGet
2008-04-04 18:16:52 0 d C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 19:33:41 0 d--h C:\Program Files\InstallShield Installation Information
2008-04-01 11:54:01 0 d C:\Program Files\Common Files
2008-04-01 11:17:41 0 d C:\Program Files\Common Files\Scanner
2008-04-01 11:17:32 0 d C:\Program Files\Yahoo!
2008-03-31 21:02:50 0 d C:\Program Files\CA
2008-03-30 23:40:18 0 d C:\Program Files\Movie Maker
2008-03-30 19:09:01 0 d C:\Program Files\GameHouse
2008-03-30 19:01:00 0 d C:\Program Files\Clock Tray Skins
2008-03-30 10:59:23 0 d C:\Program Files\MSXML 4.0
2008-03-28 11:37:09 0 d C:\Program Files\PowerISO
2008-03-27 12:28:47 0 d C:\Documents and Settings\Maimai\Application Data\LimeWire
2008-03-26 11:43:04 0 d C:\Program Files\Vstplugins
2008-03-25 19:02:58 0 d C:\Program Files\Pinnacle Systems
2008-03-25 08:43:44 0 d C:\Program Files\Pinnacle
2008-03-25 01:45:56 95 --a C:\AUTOEXEC.BAT
2008-03-16 11:02:02 0 d C:\Program Files\Common Files\InstallShield
2008-03-15 23:32:10 0 d C:\Documents and Settings\Maimai\Application Data\Vso
2008-03-15 23:32:09 668 --a C:\Documents and Settings\Maimai\Application Data\vso_ts_preview.xml
2008-03-14 11:58:30 72074 --a C:\WINDOWS\BricoPackUninst.cmd
2008-03-12 08:37:08 0 d C:\Documents and Settings\Maimai\Application Data\Adobe
2008-03-11 22:34:35 0 d C:\Program Files\Common Files\Adobe
2008-03-11 11:15:31 0 d C:\Program Files\Conduit
2008-03-06 12:55:15 0 d C:\Program Files\Do It Again
2008-03-03 13:18:45 0 d C:\Documents and Settings\Maimai\Application Data\Rainlendar
2008-03-03 13:18:42 0 d C:\Program Files\Rainlendar
2008-02-27 23:39:44 0 d C:\Documents and Settings\Maimai\Application Data\Thinstall
2008-02-27 12:51:42 0 d C:\Program Files\LimeWire
2008-02-25 22:20:47 0 d C:\Program Files\Sony
2008-02-24 19:57:36 0 d C:\Documents and Settings\Maimai\Application Data\Sony
2008-02-23 21:06:29 0 d C:\Program Files\MIKSOFT
2008-02-22 19:28:23 0 d C:\Program Files\Audio Editor Gold
2008-02-21 12:15:51 0 d C:\Program Files\VASST
2008-02-19 18:00:10 0 d C:\Program Files\Microsoft.NET
2008-02-19 17:59:55 0 d C:\Program Files\Microsoft SQL Server
2008-02-17 23:50:44 0 d C:\Documents and Settings\Maimai\Application Data\Publish Providers
2008-02-17 20:18:21 0 d C:\Program Files\MSBuild
2008-02-17 20:09:46 0 d C:\Program Files\Reference Assemblies
2008-02-17 04:39:07 0 d C:\Documents and Settings\Maimai\Application Data\Sony Setup
2008-02-16 13:36:36 0 d C:\Program Files\Common Files\Digidesign
2008-02-16 13:33:01 0 d C:\Program Files\SafeNet Sentinel
2008-02-16 13:33:01 0 d C:\Program Files\Common Files\SafeNet Sentinel
2008-02-13 14:13:26 0 d C:\Program Files\Common Files\Macrovision Shared
2008-02-11 13:12:38 0 d C:\Documents and Settings\Maimai\Application Data\Sun
2008-02-11 09:39:26 253952 --a C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:07:29 0 d C:\Documents and Settings\Maimai\Application Data\LEAPS
2008-02-11 08:46:15 0 d C:\Documents and Settings\Maimai\Application Data\Pegasys Inc
2008-02-11 07:38:24 56976 --a C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2008-02-11 07:38:24 122512 --a C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2008-02-11 07:37:19 0 d C:\Documents and Settings\Maimai\Application Data\LightZone
2008-02-10 20:28:26 0 d C:\Program Files\Common Files\eSellerate
2008-02-10 20:28:22 0 d C:\Program Files\LightZone 3
2008-02-09 19:14:26 0 d C:\Documents and Settings\Maimai\Application Data\Ahead
2008-02-09 15:11:36 0 d C:\Documents and Settings\Maimai\Application Data\Skype
2008-02-09 13:59:15 0 d C:\Documents and Settings\Maimai\Application Data\TuneUp Software
2008-02-09 01:48:04 0 d C:\Program Files\DiskTrix
2008-02-08 20:27:12 0 d C:\Program Files\LucasArts
2008-02-08 19:23:11 0 d C:\Documents and Settings\Maimai\Application Data\MixMeister Technology
2008-02-08 13:53:46 110592 --a C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 12:19:53 0 d C:\Program Files\VSO
2008-02-05 08:48:04 77824 --a C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-02-05 08:32:09 34 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.log
2008-02-05 08:32:01 47360 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-05 08:32:01 1144 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.inf
2008-02-05 08:32:01 7887 --a C:\Documents and Settings\Maimai\Application Data\pcouffin.cat
2008-01-30 13:53:06 218624 --a C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-27 08:54:39 1158 --a C:\WINDOWS\mozver.dat
2008-01-21 14:06:06 0 --a C:\WINDOWS\nsreg.dat
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}]
03/29/2008 03:37 PM 39424 --a C:\WINDOWS\system32\fccATkKb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1427A821-7B93-4F08-9A34-9FA03A3D93DB}]
03/08/2007 07:02 PM 20480 --a C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50BF25FC-1B3B-4D90-8829-91E17A0DA4ED}]
03/29/2008 03:42 PM 268288 --a C:\WINDOWS\system32\ssqqOheB.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05/05/2003 10:57 PM]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [05/09/2003 01:34 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 04:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/22/2005 06:44 AM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [01/07/2006 07:39 AM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [01/07/2006 03:57 AM]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [04/01/2008 06:19 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/01/2008 04:54 AM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [03/10/2004 04:26 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"NoSMHelp"=01000000
"NoRecentDocsMenu"=01000000
"ClearRecentDocsOnExit"=01000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=00000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoLogoff"=0 (0x0)
"NoActiveDesktopChanges"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\WINDOWS\system32\fccATkKb.dll [03/29/2008 03:37 PM 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccATkKb]
fccATkKb.dll 03/29/2008 03:37 PM 39424 C:\WINDOWS\system32\fccATkKb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 04/28/2007 02:10 AM 18744 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
winmfu32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqqOheB
"Notification Packages"= :\WINDOWS\syste
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Help]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
"C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\bootcd\wintools\autorun.exe
-- End of Deckard's System Scanner: finished at 2008-04-05 08:35:48
Running from: C:\Documents and Settings\Maimai\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\addon.dat
C:\Documents and Settings\Maimai\Application Data\addon.dat
C:\Documents and Settings\Maimai\Application Data\inst.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\_004060_.tmp.dll
C:\WINDOWS\system32\_004061_.tmp.dll
C:\WINDOWS\system32\_004062_.tmp.dll
C:\WINDOWS\system32\_004063_.tmp.dll
C:\WINDOWS\system32\awtsQIBt.dll
C:\WINDOWS\system32\awtsQKcd.dll
C:\WINDOWS\system32\BehOqqss.ini
C:\WINDOWS\system32\BehOqqss.ini2
C:\WINDOWS\system32\hgGwwxUm.dll
C:\WINDOWS\system32\readme-net.doc
C:\WINDOWS\system32\rqRKbxyY.dll
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\ssqqOheB.dll
C:\WINDOWS\system32\vtUonoOi.dll
C:\WINDOWS\WINDOWS
C:\WINDOWS\WINDOWS\klog.dat
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-05 09:30 . 2008-04-05 09:30 37,676 --a C:\WINDOWS\system32\efcDWPJc.dll
2008-04-03 14:31 . 2008-04-03 14:31 <DIR> d C:\Deckard
2008-04-02 22:05 . 2008-04-02 22:10 <DIR> d C:\Program Files\1 Click PC Fix 2007
2008-04-02 22:05 . 2001-08-17 00:00 494,352 --a C:\WINDOWS\system32\SHDOC401.DLL
2008-04-02 22:05 . 2005-10-11 14:40 356,352 --a C:\WINDOWS\system32\eSellerateEngine.dll
2008-04-02 22:05 . 1998-06-24 00:00 164,144 --a C:\WINDOWS\system32\COMCT232.OCX
2008-04-02 22:05 . 2000-05-22 15:58 83,144 --a C:\WINDOWS\system32\PICCLP32.OCX
2008-04-02 22:05 . 2003-06-06 10:21 81,920 --a C:\WINDOWS\system32\ESELLERATECONTROL350.DLL
2008-04-02 19:39 . 2008-04-02 19:39 <DIR> d C:\Program Files\IObit
2008-04-02 17:07 . 2008-04-02 17:07 <DIR> d C:\Documents and Settings\Maimai\Application Data\ESET
2008-04-02 16:48 . 2008-04-02 16:48 <DIR> d C:\Program Files\ESET
2008-04-02 16:48 . 2008-04-02 16:48 <DIR> d C:\Documents and Settings\All Users\Application Data\ESET
2008-04-02 12:09 . 2008-04-02 12:09 <DIR> d C:\Program Files\Windows Doctor
2008-04-01 11:54 . 2008-04-02 16:42 <DIR> d C:\Program Files\Common Files\Softwin
2008-04-01 11:17 . 2008-04-01 11:24 <DIR> d C:\Program Files\CA Yahoo! Anti-Spy
2008-03-31 23:00 . 2008-04-01 22:59 <DIR> d C:\Program Files\EsetOnlineScanner
2008-03-31 21:13 . 2008-04-02 16:41 81,984 --a C:\WINDOWS\system32\bdod.bin
2008-03-31 21:05 . 2008-04-02 16:42 <DIR> d C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-31 20:59 . 2008-04-01 11:16 <DIR> d C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-31 01:09 . 2008-03-31 01:09 <DIR> d C:\Documents and Settings\Maimai\Application Data\Grisoft
2008-03-31 01:09 . 2008-03-31 20:59 <DIR> d C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 01:09 . 2007-05-30 20:10 10,872 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-29 15:37 . 2008-03-29 15:37 39,424 --a C:\WINDOWS\system32\fccATkKb.dll
2008-03-27 23:44 . 2008-03-27 23:45 <DIR> d C:\Documents and Settings\Administrator\Application Data\Sony
2008-03-27 23:44 . 2008-03-27 23:44 <DIR> d C:\Documents and Settings\Administrator\Application Data\Publish Providers
2008-03-26 18:43 . 2008-03-26 21:42 <DIR> d C:\Vdefs
2008-03-26 12:37 . 2004-08-04 00:59 36,352 --a C:\WINDOWS\system32\drivers\disk.sys
2008-03-26 11:40 . 2008-03-26 11:40 <DIR> d C:\Program Files\Sony Setup
2008-03-25 23:58 . 2008-03-26 14:14 <DIR> d C:\Documents and Settings\Maimai\Application Data\BitComet Turbo
2008-03-25 23:03 . 2005-06-21 16:43 163,840 --a C:\WINDOWS\system32\igfxres.dll
2008-03-25 19:51 . 2004-09-28 13:08 458,112 --a C:\WINDOWS\system32\drivers\MarvinUsb.sys
2008-03-25 19:18 . 2008-03-25 20:04 <DIR> d C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-25 11:51 . 2004-03-10 16:26 406,016 --a C:\WINDOWS\system32\PSDrvCheck.exe
2008-03-23 20:30 . 2008-03-23 20:30 <DIR> d C:\WINDOWS\WinAVI Video Converter 9.0
2008-03-23 20:30 . 2008-03-23 20:30 <DIR> d C:\Program Files\WinAVI Video Converter 9.0
2008-03-23 02:07 . 2004-01-23 17:44 61,440 --a C:\WINDOWS\system32\pclepim1.dll
2008-03-22 14:49 . 2008-03-22 14:49 <DIR> d C:\WINDOWS\system32\Quicktime
2008-03-22 14:48 . 2008-03-22 14:48 <DIR> d C:\Program Files\SmartSound Software
2008-03-21 23:14 . 2008-03-21 23:32 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 16:39 . 2008-04-03 17:00 78,184 --a C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-21 13:44 . 2004-03-03 12:50 930,992 --a C:\WINDOWS\system32\Ltr13n.dll
2008-03-21 13:44 . 2004-03-03 12:50 306,352 --a C:\WINDOWS\system32\Ltrio13n.dll
2008-03-21 00:44 . 2008-03-21 01:34 <DIR> d C:\Documents and Settings\All Users\Application Data\Watermark Factory
2008-03-21 00:43 . 2008-03-21 01:21 <DIR> d C:\Program Files\Watermark Factory 2
2008-03-21 00:43 . 2007-02-12 21:19 380,928 --a C:\WINDOWS\system32\actskin4.ocx
2008-03-19 23:27 . 2008-03-21 10:46 <DIR> d C:\Program Files\RegCure
2008-03-19 20:12 . 2008-03-31 22:25 <DIR> d--h C:\Program Files\windows_updates
2008-03-19 15:26 . 2008-03-25 08:25 48 --a C:\WINDOWS\system32\blue.SITENAME
2008-03-19 15:25 . 2008-03-19 15:28 455 --a C:\WINDOWS\VFO.VST
2008-03-19 14:59 . 2008-03-22 14:48 <DIR> d C:\Program Files\DivX
2008-03-19 14:59 . 2008-03-25 08:46 1,182 --a C:\WINDOWS\VFO.INI
2008-03-18 21:34 . 2008-03-19 23:05 <DIR> d C:\Documents and Settings\Maimai\Application Data\UseNeXT
2008-03-18 21:34 . 2008-03-18 21:34 2,199,336 --a C:\WINDOWS\usenext_freetrial.exe
2008-03-17 19:42 . 2008-03-17 19:42 <DIR> d C:\Program Files\GoldWave
2008-03-16 11:03 . 2008-03-19 16:32 <DIR> d C:\Program Files\Steinberg
2008-03-16 11:03 . 2008-03-16 11:03 2,019 --a C:\WINDOWS\NewRecorder.reg
2008-03-16 11:02 . 2008-03-16 11:02 <DIR> d C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 13:02 . 2004-08-04 15:56 221,184 --a C:\WINDOWS\system32\wmpns.dll
2008-03-15 09:30 . 2008-03-15 09:30 <DIR> d C:\Program Files\Common Files\SureThing Shared
2008-03-15 09:20 . 2008-03-15 09:20 <DIR> d C:\Program Files\proDAD
2008-03-14 11:49 . 2008-03-14 11:58 5,272 --a C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d C:\temp\tmp
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d C:\temp\pre
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d C:\temp\peak
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d C:\temp\img
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d C:\temp\Alternate
2008-03-14 00:23 . 2008-03-14 12:09 <DIR> d C:\temp
2008-03-12 13:23 . 2008-03-12 13:23 <DIR> d C:\Documents and Settings\Maimai\Application Data\InstallShield
2008-03-11 21:15 . 2008-03-11 21:15 <DIR> d C:\Program Files\AdorageI-SAL
2008-03-11 12:05 . 2008-03-15 10:41 <DIR> d C:\Program Files\BIAS
2008-03-11 12:03 . 2008-03-15 09:20 <DIR> d C:\Documents and Settings\Maimai\Application Data\proDAD
2008-03-10 19:36 . 2006-11-15 11:29 1,712,128 --a C:\WINDOWS\system32\GDIPLUS.DLL
2008-03-10 19:28 . 2008-03-10 19:28 <DIR> d C:\WINDOWS\system32\URTTEMP
2008-03-10 19:26 . 2004-07-02 17:28 84,992 --a C:\WINDOWS\system32\ATL70.DLL
2008-03-10 19:24 . 2007-01-04 10:07 171,520 --a C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-03-10 19:24 . 2002-03-19 10:29 14,165 C:\WINDOWS\system32\drivers\Pclepci.sys
2008-03-10 19:20 . 2008-03-10 19:38 <DIR> d C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-03-10 19:16 . 2008-03-22 14:57 <DIR> d C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-09 20:42 . 2008-03-25 21:55 <DIR> d C:\Program Files\LimeWire Ultra Accelerator
2008-03-09 11:48 . 2008-03-09 11:48 <DIR> d C:\Program Files\BT Engine
2008-03-09 11:30 . 2008-03-09 11:47 <DIR> d C:\Program Files\LimeWire Acceleration Patch
2008-03-06 20:05 . 2008-03-06 20:05 <DIR> d C:\Program Files\Alcohol Soft
2008-03-06 20:02 . 2008-04-01 21:42 715,248 --a C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 21:17 . 2008-03-06 12:46 <DIR> d C:\Program Files\LimeWire Turbo Accelerator
2008-03-05 12:46 . 2008-03-05 12:46 <DIR> d C:\Program Files\GlobalSCAPE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 00:31 d w C:\Program Files\FlashGet
2008-04-04 10:16 d w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 08:59 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 11:33 d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 03:17 d w C:\Program Files\Yahoo!
2008-04-01 03:17 d w C:\Program Files\Common Files\Scanner
2008-03-31 13:02 d w C:\Program Files\CA
2008-03-30 11:09 d w C:\Program Files\GameHouse
2008-03-30 11:01 d w C:\Program Files\Clock Tray Skins
2008-03-30 02:59 d w C:\Program Files\MSXML 4.0
2008-03-28 03:37 d w C:\Program Files\PowerISO
2008-03-27 04:28 d w C:\Documents and Settings\Maimai\Application Data\LimeWire
2008-03-26 03:43 d w C:\Program Files\Vstplugins
2008-03-26 03:42 d w C:\Documents and Settings\All Users\Application Data\Sony
2008-03-25 11:02 d w C:\Program Files\Pinnacle Systems
2008-03-25 00:43 d w C:\Program Files\Pinnacle
2008-03-16 03:02 d w C:\Program Files\Common Files\InstallShield
2008-03-15 15:32 d w C:\Documents and Settings\Maimai\Application Data\Vso
2008-03-14 03:58 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-11 14:34 d w C:\Program Files\Common Files\Adobe
2008-03-11 03:15 d w C:\Program Files\Conduit
2008-03-06 04:55 d w C:\Program Files\Do It Again
2008-03-03 05:18 d w C:\Program Files\Rainlendar
2008-03-03 05:18 d w C:\Documents and Settings\Maimai\Application Data\Rainlendar
2008-02-29 20:56 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-02-29 20:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-02-29 20:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-02-29 20:53 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-29 20:52 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-28 15:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-02-28 15:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-02-27 15:39 d w C:\Documents and Settings\Maimai\Application Data\Thinstall
2008-02-27 04:51 d w C:\Program Files\LimeWire
2008-02-25 14:20 d w C:\Program Files\Sony
2008-02-24 11:57 d w C:\Documents and Settings\Maimai\Application Data\Sony
2008-02-23 13:06 d w C:\Program Files\MIKSOFT
2008-02-22 11:28 d w C:\Program Files\Audio Editor Gold
2008-02-21 04:15 d w C:\Program Files\VASST
2008-02-19 10:00 d w C:\Program Files\Microsoft.NET
2008-02-19 09:59 d w C:\Program Files\Microsoft SQL Server
2008-02-17 15:50 d w C:\Documents and Settings\Maimai\Application Data\Publish Providers
2008-02-17 13:19 d w C:\Program Files\Unlocker
2008-02-17 12:18 d w C:\Program Files\MSBuild
2008-02-17 12:09 d w C:\Program Files\Reference Assemblies
2008-02-16 20:39 d w C:\Documents and Settings\Maimai\Application Data\Sony Setup
2008-02-16 05:36 d w C:\Program Files\Common Files\Digidesign
2008-02-16 05:33 d w C:\Program Files\SafeNet Sentinel
2008-02-16 05:33 d w C:\Program Files\Common Files\SafeNet Sentinel
2008-02-13 11:41 d w C:\Documents and Settings\All Users\Application Data\espionServerData
2008-02-13 06:13 d w C:\Program Files\Common Files\Macrovision Shared
2008-02-11 01:07 d w C:\Documents and Settings\Maimai\Application Data\LEAPS
2008-02-11 00:46 d w C:\Documents and Settings\Maimai\Application Data\Pegasys Inc
2008-02-10 23:38 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-02-10 23:37 d w C:\Documents and Settings\Maimai\Application Data\LightZone
2008-02-10 12:28 d w C:\Program Files\LightZone 3
2008-02-10 12:28 d w C:\Program Files\Common Files\eSellerate
2008-02-09 11:14 d w C:\Documents and Settings\Maimai\Application Data\Ahead
2008-02-09 07:11 d w C:\Documents and Settings\Maimai\Application Data\Skype
2008-02-09 05:59 d w C:\Documents and Settings\Maimai\Application Data\TuneUp Software
2008-02-08 17:48 d w C:\Program Files\DiskTrix
2008-02-08 12:27 d w C:\Program Files\LucasArts
2008-02-08 11:23 d w C:\Documents and Settings\Maimai\Application Data\MixMeister Technology
2008-02-07 05:16 d w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-05 04:19 d w C:\Program Files\VSO
2008-02-05 00:32 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-05 00:32 47,360 ----a-w C:\Documents and Settings\Maimai\Application Data\pcouffin.sys
2007-09-13 19:46 11,114 ----a-w C:\Documents and Settings\All Users\Application Data\MainApp.dll
2007-08-22 19:16 81,920 ----a-w C:\Documents and Settings\Maimai\Application Data\ezpinst.exe
2004-07-18 05:54 460,728 ----a-w C:\WINDOWS\Fonts\SET99C.tmp
2004-07-18 05:54 383,140 ----a-w C:\WINDOWS\Fonts\SET99B.tmp
2004-07-18 05:54 355,436 ----a-w C:\WINDOWS\Fonts\SET99A.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\Fonts\SET999.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\Fonts\SET998.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\Fonts\SET9A0.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\Fonts\SET99F.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\Fonts\SET996.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\Fonts\SET99D.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\Fonts\SET997.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\Fonts\SET99E.tmp
.
Sigcheck
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}]
2008-03-29 15:37 39424 --a------ C:\WINDOWS\system32\fccATkKb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1427A821-7B93-4F08-9A34-9FA03A3D93DB}]
2007-03-08 19:02 20480 --a------ C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CD7EDB9-FD5E-43EF-9A48-FB10B9B85C3C}]
2008-04-05 09:30 269312 --a------ C:\WINDOWS\system32\efcDWPJc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 22:57 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-09 01:34 69632]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 06:44 126976]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-07 07:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-07 03:57 344064]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2008-04-01 18:19 1994800]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25 6731312]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-01 04:54 1443072]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 00000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
"NoLogoff"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\WINDOWS\system32\fccATkKb.dll [2008-03-29 15:37 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccATkKb]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2007-04-28 02:10 18744 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
winmfu32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= SYNCOR11.DLL
"MSVideo8"= VfWWDM32.dll
"VIDC.WMV3"= wmv9vcm.dll
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3acm"= ac3acm.acm
"msacm.divxa32"= divxa32.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\efcDWPJc
Notification Packages REG_MULTI_SZ :\WINDOWS\syste
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Help]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-10 16:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5631:TCP"= 5631:TCP:pcAnywhere TCP 5631
"5632:UDP"= 5632:UDP:pcAnywhere UDP 5632
"19359:TCP"= 19359:TCP:BitComet 19359 TCP
"19359:UDP"= 19359:UDP:BitComet 19359 UDP
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];C:\WINDOWS\system32\drivers\Sleen15.sys [2007-02-21 20:33]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2003-06-25 01:47]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Steganos AntiTheft;Steganos AntiTheft;C:\WINDOWS\system32\\SatSrv.exe [2006-12-05 17:27]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2003-06-25 01:55]
R3 NUVision;Pinnacle LINX 2 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 12:55]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-08-01 07:45]
S3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2004-08-04 00:32]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-28 00:07]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-14 04:57]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 14:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 10:11:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-04 08:30:06 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-03-28 05:10:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 12:20:05 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\.Maimai
"2008-04-05 01:28:26 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-19 15:36:56 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 09:30:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-04-05 9:34:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 01:34:20
Pre-Run: 2,008,850,432 bytes free
Post-Run: 2,023,333,888 bytes free
.
2008-03-31 23:50:41 --- E O F ---
Please remove dss.exe. We don't need it anymore.
==================================================
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Thank you very, very much vekarppe..... you're the best!!!
here's the file....
ComboFix 08-04-03.5 - Maimai 2008-04-06 15:57:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.209 [GMT 8:00]
Running from: C:\Documents and Settings\Maimai\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maimai\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\efcDWPJc.dll
C:\WINDOWS\system32\fccATkKb.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cJPWDcfe.ini
C:\WINDOWS\system32\cJPWDcfe.ini2
C:\WINDOWS\system32\efcDWPJc.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-05 20:11 . 2008-04-05 20:27 7,520 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-05 15:55 . 2008-04-05 15:58 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 15:55 . 2008-04-05 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 14:31 . 2008-04-03 14:31 <DIR> d-------- C:\Deckard
2008-04-02 22:05 . 2008-04-02 22:10 <DIR> d-------- C:\Program Files\1 Click PC Fix 2007
2008-04-02 22:05 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2008-04-02 22:05 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2008-04-02 22:05 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-02 22:05 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-04-02 22:05 . 2003-06-06 10:21 81,920 --a------ C:\WINDOWS\system32\ESELLERATECONTROL350.DLL
2008-04-02 19:39 . 2008-04-02 19:39 <DIR> d-------- C:\Program Files\IObit
2008-04-02 17:07 . 2008-04-02 17:07 <DIR> d-------- C:\Documents and Settings\Maimai\Application Data\ESET
2008-04-02 16:48 . 2008-04-02 16:48 <DIR> d-------- C:\Program Files\ESET
2008-04-02 16:48 . 2008-04-02 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-02 12:09 . 2008-04-02 12:09 <DIR> d-------- C:\Program Files\Windows Doctor
2008-04-01 11:54 . 2008-04-02 16:42 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-04-01 11:17 . 2008-04-01 11:24 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-31 23:00 . 2008-04-01 22:59 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 21:13 . 2008-04-02 16:41 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-31 21:05 . 2008-04-02 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-31 20:59 . 2008-04-01 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-31 01:09 . 2008-03-31 01:09 <DIR> d-------- C:\Documents and Settings\Maimai\Application Data\Grisoft
2008-03-31 01:09 . 2008-03-31 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 01:09 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 23:44 . 2008-03-27 23:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2008-03-27 23:44 . 2008-03-27 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2008-03-26 18:43 . 2008-03-26 21:42 <DIR> d-------- C:\Vdefs
2008-03-26 12:37 . 2004-08-04 00:59 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2008-03-26 11:40 . 2008-03-26 11:40 <DIR> d-------- C:\Program Files\Sony Setup
2008-03-25 23:58 . 2008-03-26 14:14 <DIR> d-------- C:\Documents and Settings\Maimai\Application Data\BitComet Turbo
2008-03-25 23:03 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-25 19:51 . 2004-09-28 13:08 458,112 --a------ C:\WINDOWS\system32\drivers\MarvinUsb.sys
2008-03-25 19:18 . 2008-03-25 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-25 11:51 . 2004-03-10 16:26 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2008-03-23 20:30 . 2008-03-23 20:30 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-03-23 20:30 . 2008-03-23 20:30 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-03-23 02:07 . 2004-01-23 17:44 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2008-03-22 14:48 . 2008-03-22 14:48 <DIR> d-------- C:\Program Files\SmartSound Software
2008-03-21 23:14 . 2008-03-21 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 16:39 . 2008-04-03 17:00 78,184 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-21 13:44 . 2004-03-03 12:50 930,992 --a------ C:\WINDOWS\system32\Ltr13n.dll
2008-03-21 13:44 . 2004-03-03 12:50 306,352 --a------ C:\WINDOWS\system32\Ltrio13n.dll
2008-03-21 00:44 . 2008-03-21 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Watermark Factory
2008-03-21 00:43 . 2008-03-21 01:21 <DIR> d-------- C:\Program Files\Watermark Factory 2
2008-03-21 00:43 . 2007-02-12 21:19 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-19 23:27 . 2008-03-21 10:46 <DIR> d-------- C:\Program Files\RegCure
2008-03-19 20:12 . 2008-03-31 22:25 <DIR> d--h----- C:\Program Files\windows_updates
2008-03-19 15:26 . 2008-03-25 08:25 48 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-03-19 15:25 . 2008-03-19 15:28 455 --a------ C:\WINDOWS\VFO.VST
2008-03-19 14:59 . 2008-03-22 14:48 <DIR> d-------- C:\Program Files\DivX
2008-03-19 14:59 . 2008-03-25 08:46 1,182 --a------ C:\WINDOWS\VFO.INI
2008-03-18 21:34 . 2008-03-19 23:05 <DIR> d-------- C:\Documents and Settings\Maimai\Application Data\UseNeXT
2008-03-18 21:34 . 2008-03-18 21:34 2,199,336 --a------ C:\WINDOWS\usenext_freetrial.exe
2008-03-17 19:42 . 2008-03-17 19:42 <DIR> d-------- C:\Program Files\GoldWave
2008-03-16 11:03 . 2008-03-19 16:32 <DIR> d-------- C:\Program Files\Steinberg
2008-03-16 11:03 . 2008-03-16 11:03 2,019 --a------ C:\WINDOWS\NewRecorder.reg
2008-03-16 11:02 . 2008-03-16 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 13:02 . 2004-08-04 15:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-15 09:30 . 2008-03-15 09:30 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-15 09:20 . 2008-03-15 09:20 <DIR> d-------- C:\Program Files\proDAD
2008-03-14 11:49 . 2008-03-14 11:58 5,272 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d-------- C:\temp\tmp
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d-------- C:\temp\pre
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d-------- C:\temp\peak
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d-------- C:\temp\img
2008-03-14 00:23 . 2008-03-14 00:23 <DIR> d-------- C:\temp\Alternate
2008-03-14 00:23 . 2008-03-14 12:09 <DIR> d-------- C:\temp
2008-03-12 13:23 . 2008-03-12 13:23 <DIR> d-------- C:\Documents and Settings\Maimai\Application Data\InstallShield
2008-03-11 21:15 . 2008-03-11 21:15 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-03-11 12:05 . 2008-03-15 10:41 <DIR> d-------- C:\Program Files\BIAS
2008-03-11 12:03 . 2008-03-15 09:20 <DIR> d-------- C:\Documents and Settings\Maimai\Application Data\proDAD
2008-03-10 19:36 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2008-03-10 19:28 . 2008-03-10 19:28 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-10 19:26 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-03-10 19:24 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-03-10 19:24 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2008-03-10 19:20 . 2008-03-10 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-03-10 19:16 . 2008-03-22 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-09 20:42 . 2008-03-25 21:55 <DIR> d-------- C:\Program Files\LimeWire Ultra Accelerator
2008-03-09 11:48 . 2008-03-09 11:48 <DIR> d-------- C:\Program Files\BT Engine
2008-03-09 11:30 . 2008-03-09 11:47 <DIR> d-------- C:\Program Files\LimeWire Acceleration Patch
2008-03-06 20:05 . 2008-03-06 20:05 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-06 20:02 . 2008-04-01 21:42 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 07:52 d-----w C:\Program Files\FlashGet
2008-04-04 10:16 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 08:59 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 11:33 d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 03:17 d-----w C:\Program Files\Yahoo!
2008-04-01 03:17 d-----w C:\Program Files\Common Files\Scanner
2008-03-31 13:02 d-----w C:\Program Files\CA
2008-03-30 11:09 d-----w C:\Program Files\GameHouse
2008-03-30 11:01 d-----w C:\Program Files\Clock Tray Skins
2008-03-30 02:59 d-----w C:\Program Files\MSXML 4.0
2008-03-28 03:37 d-----w C:\Program Files\PowerISO
2008-03-27 04:28 d-----w C:\Documents and Settings\Maimai\Application Data\LimeWire
2008-03-26 03:43 d-----w C:\Program Files\Vstplugins
2008-03-26 03:42 d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-03-25 11:02 d-----w C:\Program Files\Pinnacle Systems
2008-03-25 00:43 d-----w C:\Program Files\Pinnacle
2008-03-16 03:02 d-----w C:\Program Files\Common Files\InstallShield
2008-03-15 15:32 d-----w C:\Documents and Settings\Maimai\Application Data\Vso
2008-03-14 03:58 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-11 14:34 d-----w C:\Program Files\Common Files\Adobe
2008-03-11 03:15 d-----w C:\Program Files\Conduit
2008-03-06 04:55 d-----w C:\Program Files\Do It Again
2008-03-06 04:46 d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-03-05 04:46 d-----w C:\Program Files\GlobalSCAPE
2008-03-03 05:18 d-----w C:\Program Files\Rainlendar
2008-03-03 05:18 d-----w C:\Documents and Settings\Maimai\Application Data\Rainlendar
2008-02-29 20:56 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-02-29 20:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-02-29 20:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-02-29 20:53 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-29 20:52 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-28 15:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-02-28 15:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-02-27 15:39 d-----w C:\Documents and Settings\Maimai\Application Data\Thinstall
2008-02-27 04:51 d-----w C:\Program Files\LimeWire
2008-02-25 14:20 d-----w C:\Program Files\Sony
2008-02-24 11:57 d-----w C:\Documents and Settings\Maimai\Application Data\Sony
2008-02-23 13:06 d-----w C:\Program Files\MIKSOFT
2008-02-22 11:28 d-----w C:\Program Files\Audio Editor Gold
2008-02-21 04:15 d-----w C:\Program Files\VASST
2008-02-19 10:00 d-----w C:\Program Files\Microsoft.NET
2008-02-19 09:59 d-----w C:\Program Files\Microsoft SQL Server
2008-02-17 15:50 d-----w C:\Documents and Settings\Maimai\Application Data\Publish Providers
2008-02-17 13:19 d-----w C:\Program Files\Unlocker
2008-02-17 12:18 d-----w C:\Program Files\MSBuild
2008-02-17 12:09 d-----w C:\Program Files\Reference Assemblies
2008-02-16 20:39 d-----w C:\Documents and Settings\Maimai\Application Data\Sony Setup
2008-02-16 05:36 d-----w C:\Program Files\Common Files\Digidesign
2008-02-16 05:33 d-----w C:\Program Files\SafeNet Sentinel
2008-02-16 05:33 d-----w C:\Program Files\Common Files\SafeNet Sentinel
2008-02-13 11:41 d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2008-02-13 06:13 d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-11 01:07 d-----w C:\Documents and Settings\Maimai\Application Data\LEAPS
2008-02-11 00:46 d-----w C:\Documents and Settings\Maimai\Application Data\Pegasys Inc
2008-02-10 23:38 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-02-10 23:37 d-----w C:\Documents and Settings\Maimai\Application Data\LightZone
2008-02-10 12:28 d-----w C:\Program Files\LightZone 3
2008-02-10 12:28 d-----w C:\Program Files\Common Files\eSellerate
2008-02-09 11:14 d-----w C:\Documents and Settings\Maimai\Application Data\Ahead
2008-02-09 07:11 d-----w C:\Documents and Settings\Maimai\Application Data\Skype
2008-02-09 05:59 d-----w C:\Documents and Settings\Maimai\Application Data\TuneUp Software
2008-02-08 17:48 d-----w C:\Program Files\DiskTrix
2008-02-08 12:27 d-----w C:\Program Files\LucasArts
2008-02-08 11:23 d-----w C:\Documents and Settings\Maimai\Application Data\MixMeister Technology
2008-02-07 05:16 d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-05 00:32 47,360 ----a-w C:\Documents and Settings\Maimai\Application Data\pcouffin.sys
2007-09-13 19:46 11,114 ----a-w C:\Documents and Settings\All Users\Application Data\MainApp.dll
2007-08-22 19:16 81,920 ----a-w C:\Documents and Settings\Maimai\Application Data\ezpinst.exe
.
Sigcheck
.
((((((((((((((((((((((((((((( snapshot@2008-04-05_ 9.33.32.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-05 00:32:27 88,152 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-06 07:34:19 88,152 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-05 00:32:28 482,958 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-06 07:34:19 482,958 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1427A821-7B93-4F08-9A34-9FA03A3D93DB}]
2007-03-08 19:02 20480 --a
C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 15:23 221568]
"Google Update"="C:\Documents and Settings\Maimai\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-21 01:55 51184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 22:57 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-09 01:34 69632]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 06:44 126976]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-07 07:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-07 03:57 344064]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2008-04-01 18:19 1994800]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25 6731312]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-01 04:54 1443072]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 00000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2007-04-28 02:10 18744 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= SYNCOR11.DLL
"MSVideo8"= VfWWDM32.dll
"VIDC.WMV3"= wmv9vcm.dll
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3acm"= ac3acm.acm
"msacm.divxa32"= divxa32.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Help]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a
2004-03-10 16:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5631:TCP"= 5631:TCP:pcAnywhere TCP 5631
"5632:UDP"= 5632:UDP:pcAnywhere UDP 5632
"19359:TCP"= 19359:TCP:BitComet 19359 TCP
"19359:UDP"= 19359:UDP:BitComet 19359 UDP
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];C:\WINDOWS\system32\drivers\Sleen15.sys [2007-02-21 20:33]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2003-06-25 01:47]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Steganos AntiTheft;Steganos AntiTheft;C:\WINDOWS\system32\\SatSrv.exe [2006-12-05 17:27]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2003-06-25 01:55]
R3 NUVision;Pinnacle LINX 2 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 12:55]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-08-01 07:45]
S3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2004-08-04 00:32]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-28 00:07]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-14 04:57]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 14:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 10:11:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-05 08:30:02 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-03-28 05:10:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-05 12:00:49 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\.Maimai
"2008-04-06 08:03:25 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-19 15:36:56 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 16:04:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SatSrv.exe
.
**************************************************************************
.
Completion time: 2008-04-06 16:07:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 08:07:14
ComboFix2.txt 2008-04-05 01:34:29
Pre-Run: 2,686,787,584 bytes free
Post-Run: 2,671,419,392 bytes free
.
2008-03-31 23:50:41 --- E O F ---
Download Malwarebytes' Anti-Malware from here or here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================
Please do an online scan with Kaspersky WebScanner
Click on Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Post the logs here
Malwarebytes' Anti-Malware 1.10
Database version: 597
Scan type: Quick Scan
Objects scanned: 30974
Time elapsed: 6 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Do you have any problems?
How is your computer doing?
vekarppe thanks again...
my computer is working fine and in good health thanks to you...
KASPERSKY ONLINE SCANNER REPORT
Monday, April 07, 2008 6:32:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/04/2008
Kaspersky Anti-Virus database records: 687774
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
W:\
Y:\
Scan Statistics:
Total number of scanned objects: 117231
Number of viruses found: 14
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 03:49:20
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\cert8.db Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\history.dat Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\key3.db Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\parent.lock Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Maimai\Application Data\Thinstall\Megaupload Toolbar\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\A7J139M2\Nudge%20Madness[1].rar/Nudge Madness.exe Infected: HackTool.Win32.VB.lx skipped
C:\Documents and Settings\Maimai\Application Data\Thinstall\Megaupload Toolbar\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\A7J139M2\Nudge%20Madness[1].rar RAR: infected - 1 skipped
C:\Documents and Settings\Maimai\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Application Data\Mozilla\Firefox\Profiles\57vgtsc7.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\temp\~DFCE9.tmp Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Maimai\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\Eighties classic (wonderwoman).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\gloc9 ost kung fu kids.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\karate sound clip.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\sound effects fx camera shutte.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Maimai\My Documents\Sony Media Libraries\Default.medialib Object is locked skipped
C:\Documents and Settings\Maimai\ntuser.dat Object is locked skipped
C:\Documents and Settings\Maimai\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\Downloads\E-lephant.0.0.1.1B\(E)lephant by SK\Plugins\(E)lephant - MU.Downloader.exe Infected: Worm.Win32.AutoRun.cfp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtsQIBt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ltw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtsQKcd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ltw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGwwxUm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ltw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKbxyY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ltw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUonoOi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ltw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6D461B1C-7BE8-4035-B5FB-62ADF7149126}\RP652\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
W:\softwares\Adobe\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual.Incl.Keymaker-CORE\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual.Incl.Keymaker-CORE\LTRM_WWEFG_win.exe/crack.exe Infected: Backdoor.Win32.IRCBot.btj skipped
W:\softwares\Adobe\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual.Incl.Keymaker-CORE\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual.Incl.Keymaker-CORE\LTRM_WWEFG_win.exe CAB: infected - 1 skipped
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/RunSequence.exe/script.au3 Infected: Backdoor.Win32.DSSdoor.c skipped
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/RunSequence.exe Infected: Backdoor.Win32.DSSdoor.c skipped
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/_aps activator.exe Infected: Backdoor.Win32.DSSdoor.c skipped
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar Infected: Backdoor.Win32.DSSdoor.c skipped
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe RarSFX: infected - 4 skipped
W:\softwares\TuneUpUtilities2008v7.0.7992.NewFullyPatch.exel\TU2008 Keymaker_REA\TuneUp2008 Keymaker.exe Infected: Backdoor.Win32.Rbot.pfa skipped
W:\softwares\TuneUpUtilities2008v7.0.7992.NewFullyPatch.exel\Keygen by Team FFF\Keygen.exe Infected: Trojan-Downloader.Win32.Agent.ifq skipped
W:\softwares\id3 editor new.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
W:\softwares\id3 editor new.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
W:\softwares\id3 editor new.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
W:\softwares\id3 editor new.zip/setup.exe/data0010/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.adj skipped
W:\softwares\id3 editor new.zip/setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
W:\softwares\id3 editor new.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
W:\softwares\id3 editor new.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
W:\softwares\id3 editor new.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
W:\softwares\id3 editor new.zip ZIP: infected - 8 skipped
W:\softwares\Satellite_TV_for_PC_2008_Elite_Edition\Satellite TV for PC 2008 Elite Edition\Setup.exe/data0000.cab/Channels.exe Infected: Backdoor.Win32.Bifrose.dht skipped
W:\softwares\Satellite_TV_for_PC_2008_Elite_Edition\Satellite TV for PC 2008 Elite Edition\Setup.exe/data0000.cab Infected: Backdoor.Win32.Bifrose.dht skipped
W:\softwares\Satellite_TV_for_PC_2008_Elite_Edition\Satellite TV for PC 2008 Elite Edition\Setup.exe Rsrc-Package: infected - 2 skipped
W:\softwares\Elephant.0.0.1.1B_made_by_yk\(E)lephant by SK\Plugins\(E)lephant - MU.Downloader.exe Infected: Worm.Win32.AutoRun.cfp skipped
W:\System Volume Information\_restore{6D461B1C-7BE8-4035-B5FB-62ADF7149126}\RP653\change.log Object is locked skipped
Y:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Y:\System Volume Information\_restore{6D461B1C-7BE8-4035-B5FB-62ADF7149126}\RP653\change.log Object is locked skipped
Scan process completed.
I really hope you take heed. Otherwise I have just wasted my time here. Always check every downloaded file with your antivirus and/or antispyware before using it (or better, remove the P2P software, which is risky in itself).
Let's remove the infected files....
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
I'll be extra careful now....
the combofix did not run. It only showed the dos text box and was gone.
I'm off to work, I'll be back at lunch..
thank you again...
Hello again...I'm back for lunch.....
still the combofix goes out after the dos text box.
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
After OTMoveIT2,
- Download HJTInstall.exe to your Desktop.
- Doubleclick HJTInstall.exe to install it.
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Here are the logs....Thank you..
< C:\Documents and Settings\Maimai\Application Data\Thinstall\Megaupload Toolbar\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\A7J139M2\Nudge%20Madness[1].rar >
C:\Documents and Settings\Maimai\Application Data\Thinstall\Megaupload Toolbar\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\A7J139M2\Nudge%20Madness[1].rar moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\Eighties classic (wonderwoman).wma moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\gloc9 ost kung fu kids.mp3 moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\karate sound clip.mp3 moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\sound effects fx camera shutte.mp3 moved successfully.
C:\Downloads\E-lephant.0.0.1.1B\(E)lephant by SK\Plugins\(E)lephant - MU.Downloader.exe moved successfully.
File/Folder W:\softwares\Adobe\Adobe.Photoshop.Lightroom.v1.3. 1.Multilingual.Incl.Keymaker-CORE\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual .Incl.Keymaker-CORE\LTRM_WWEFG_win.exe not found.
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe moved successfully.
File/Folder W:\softwares\TuneUpUtilities2008v7.0.7992.NewFully Patch.exel\TU2008 Keymaker_REA\TuneUp2008 Keymaker.exe not found.
File/Folder W:\softwares\TuneUpUtilities2008v7.0.7992.NewFully Patch.exel\Keygen by Team FFF\Keygen.exe not found.
W:\softwares\id3 editor new.zip moved successfully.
File/Folder W:\softwares\Satellite_TV_for_PC_2008_Elite_Editio n\Satellite TV for PC 2008 Elite Edition\Setup.exe not found.
File/Folder W:\softwares\Elephant.0.0.1.1B_made_by_yk\(E)lepha nt by SK\Plugins\(E)lephant - MU.Downloader.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_171252
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:51 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Documents and Settings\Maimai\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SatSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steganos Security Suite 2007\SteganosAgent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maimai\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
--
End of file - 9844 bytes
< C:\Documents and Settings\Maimai\Application Data\Thinstall\Megaupload Toolbar\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\A7J139M2\Nudge%20Madness[1].rar >
C:\Documents and Settings\Maimai\Application Data\Thinstall\Megaupload Toolbar\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\A7J139M2\Nudge%20Madness[1].rar moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\Eighties classic (wonderwoman).wma moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\gloc9 ost kung fu kids.mp3 moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\karate sound clip.mp3 moved successfully.
C:\Documents and Settings\Maimai\My Documents\My Music\Shared\sound effects fx camera shutte.mp3 moved successfully.
C:\Downloads\E-lephant.0.0.1.1B\(E)lephant by SK\Plugins\(E)lephant - MU.Downloader.exe moved successfully.
File/Folder W:\softwares\Adobe\Adobe.Photoshop.Lightroom.v1.3. 1.Multilingual.Incl.Keymaker-CORE\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual .Incl.Keymaker-CORE\LTRM_WWEFG_win.exe not found.
W:\softwares\Adobe\ADOBEKeygens\Keygens\Photoshop CS3 Keygen + Activation.exe moved successfully.
File/Folder W:\softwares\TuneUpUtilities2008v7.0.7992.NewFully Patch.exel\TU2008 Keymaker_REA\TuneUp2008 Keymaker.exe not found.
File/Folder W:\softwares\TuneUpUtilities2008v7.0.7992.NewFully Patch.exel\Keygen by Team FFF\Keygen.exe not found.
W:\softwares\id3 editor new.zip moved successfully.
File/Folder W:\softwares\Satellite_TV_for_PC_2008_Elite_Editio n\Satellite TV for PC 2008 Elite Edition\Setup.exe not found.
File/Folder W:\softwares\Elephant.0.0.1.1B_made_by_yk\(E)lepha nt by SK\Plugins\(E)lephant - MU.Downloader.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_171252
Find and remove these files
W:\softwares\Adobe\Adobe.Photoshop.Lightroom.v1.3. 1.Multilingual.Incl.Keymaker-CORE\Adobe.Photoshop.Lightroom.v1.3.1.Multilingual .Incl.Keymaker-CORE\LTRM_WWEFG_win.exe
W:\softwares\TuneUpUtilities2008v7.0.7992.NewFully Patch.exel\TU2008 Keymaker_REA\TuneUp2008 Keymaker.exe
W:\softwares\TuneUpUtilities2008v7.0.7992.NewFully Patch.exel\Keygen by Team FFF\Keygen.exe
W:\softwares\Satellite_TV_for_PC_2008_Elite_Editio n\Satellite TV for PC 2008 Elite Edition\Setup.exe
W:\softwares\Elephant.0.0.1.1B_made_by_yk\(E)lepha nt by SK\Plugins\(E)lephant - MU.Downloader.exe
====================================================
Restore Original Hosts File
- Please download HostsXpert from here
- Extract the file HostsXpert.exe to your desktop and run it.
- Press 'Restore Original Hosts' and press 'OK'
- Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself. You can remove HostsXpert if you think you don't need it anymore.
====================================================
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
====================================================
- Click Start, then click Run.
- Enter into the command box that opens: combofix /u and then click OK.
====================================================
Next we remove all used tools.
Please download OTMoveIt2 and save it to desktop.
- Double-click OTMoveIt2.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.
====================================================
How is the computer doing now?
It's working very well! Thank you very, very much....
What anti-virus/spyware would you recommend?
AVG Anti-Spyware, Malwarebytes' Anti-Malware, and SUPERAntiSpyware are good antispyware programs.
You need also a firewall. I prefer Comodo and Online Armor. They are free!
I'll stick to the free ones!! thank you very much for your help and advice
and more power to you!!! God Bless Finland.
sincerely,
alfie
Mindanao
Philippines:bigggrin:
Clean up System Restore
You can find instructions on how to disable and enable System Restore from these guides:
Disable And Enable System Restore
Windows XP System Restore Guide
Make Your Internet Explorer More Secure
This can be done by following these simple instructions:
- From within Internet Explorer click on the tools menu and then click on Options
- Click once on the "Security" tab
- Click once on the "Internet" icon so it becomes highlighted
- Click once on the Custom Level button.
- Change the "Download signed ActiveX controls" to Prompt
- Change the "Download unsigned ActiveX controls" to Disable
- Change the "Initialize and script ActiveX controls not marked as safe" to Disable
- Change the "Launching programs and files in an IFRAME" to Prompt
- Change the "Navigate sub-frames across different domains" to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Note that Internet Explorer is not the most secure browser. There are safer (and better) alternatives available like Opera and Firefox.
Keep Your System Up to date
It is imperative that you keep your Windows, Antivirus, and other software up to date. Otherwise you are not protected against new threats and your system is vulnerable and unsafe. Update your Antivirus software at least once a week, and visit Microsoft Windows Update site regularly.
Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Additional Utilities and Tips to Enhance Your Safety
- MVPS Hosts file --- The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
- Comodo BOCLEAN --- Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
- Winpatrol --- Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software
Get more knowledge about how to protect your computer and prevent malware issues by reading these short articles:
- How to prevent Malware by miekiemoes
- So How Did I Get Infected In First Place by Tony Klein
- Ten Commandments for Your Computer Sanity by BitDefender
Happy surfing and stay clean!
I've installed free versions of comodo and anti virus / spyware....
Thank you very much for your help.....:bigggrin:
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead