sdornan7

I got a pop-up on a poker site I was playing on saying someone else had logged in under my username, so I did a scan with AVG and it came up with this? AVG healed it, do I have anything still to worry about? It was in a .rar that I downloaded about 5 months ago and I've not had problems up until now. I haven't noticed anything wrong with my system. If it was a keylogger wouldn't something have happened before now? The weird thing was, earlier by mistake I typed my password into the "username" field on the poker site and it appeared on the screen then within an hour someone had tried to use it! Is it possible for someone to see my screen with a trojan like this?

I have performed scans with AVG, AdAware 2007 and Spybot S&D which have found nothing so apologies if I'm worrying about nothing. I had a previous experience with a virus which I thought was gone so I want to make sure this time. I play a lot of poker online so I want to make sure it's gone before I play again so my funds are not compromised. I have also installed SnoopFree should this help?

Thanks in advance. Here is the log with the extra one attached.

Deckard's System Scanner v20071014.68
Run by Bubbles on 2008-02-28 00:16:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2008-02-28 00:16:24 UTC - RP242 - Deckard's System Scanner Restore Point
82: 2008-02-27 23:48:52 UTC - RP241 - Installed Adobe Reader 8.1.2
81: 2008-02-27 23:47:51 UTC - RP240 - Removed Adobe Reader 8.1.1
80: 2008-02-27 23:29:15 UTC - RP239 - Installed Ad-Aware 2007
79: 2008-02-27 23:29:06 UTC - RP238 - Removed Ad-Aware SE Personal


-- First Restore Point --
1: 2007-11-29 20:04:52 UTC - RP160 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-28 00:17:55
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1181313298\ee\aolsoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\trayit\trayit!.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\Bubbles\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181313298\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TrayIt!.lnk = C:\trayit\trayit!.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\Program Files\PacificPoker4\PacificPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bubbles\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{53BAF3F3-8241-4A7F-82EC-50587C88C575}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\system32\SnoopFreeSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


--
End of file - 12439 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S0 SnoopFree (SnoopFree Driver) - c:\windows\system32\drivers\snopfree.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 pgsql-8.2 (PostgreSQL Database Server 8.2) - "c:\program files\postgresql\8.2\bin\pg_ctl.exe" runservice -n "pgsql-8.2" -d "c:\program files\postgresql\8.2\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>

S2 SnoopFreeSvc (SnoopFree Service) - system32\snoopfreesvc.exe
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&1A87BEAE&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&1A87BEAE&0&01
Service: NVENETFD

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13\4&3191A3E6&0&5870
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13\4&3191A3E6&0&5870
Service: yukonwxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3512&SUBSYS_65121095&REV_01\4&3191A3E6&0&6870
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3512&SUBSYS_65121095&REV_01\4&3191A3E6&0&6870
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-21 11:44:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-28 and 2008-02-28 -----------------------------

2008-02-28 00:10:39 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-02-28 00:10:39 9472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2008-02-28 00:10:39 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
2008-02-28 00:10:39 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-02-27 23:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 21:24:41 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-27 21:12:33 0 d-------- C:\WINDOWS\LastGood
2008-02-23 19:54:57 0 d-------- C:\Program Files\William Hill Poker
2008-02-21 06:52:38 40 --a------ C:\WINDOWS\ujf635.bin
2008-02-21 06:49:47 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-02-21 06:48:43 0 d-------- C:\Program Files\Betfair
2008-02-21 06:48:43 0 d-------- C:\Documents and Settings\Bubbles\Application Data\Betfair
2008-02-20 18:45:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-20 18:44:17 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-20 18:44:09 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-20 18:43:53 0 d-------- C:\Program Files\Sony Ericsson
2008-02-20 18:43:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-20 16:41:56 0 d-------- C:\Program Files\iPod
2008-02-20 16:41:07 0 d-------- C:\Program Files\iTunes
2008-02-20 16:29:47 0 d-------- C:\Program Files\Bonjour
2008-02-20 16:23:26 0 d-------- C:\Program Files\Apple Software Update
2008-02-20 16:21:26 0 d-------- C:\Program Files\Common Files\Apple
2008-02-20 16:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-17 22:48:00 0 d-------- C:\Program Files\uTorrent
2008-02-17 22:47:18 0 d-------- C:\Documents and Settings\Bubbles\Application Data\uTorrent
2008-02-17 17:05:12 0 d-------- C:\Cracked
2008-02-05 16:49:05 10809376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 16:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-02 19:24:41 583 --a------ C:\WINDOWS\eReg.dat
2008-02-02 19:13:10 0 d-------- C:\Program Files\Maxis
2008-01-29 11:53:33 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-29 11:53:33 47360 --a------ C:\Documents and Settings\Bubbles\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-29 11:53:32 0 d-------- C:\Documents and Settings\Bubbles\Application Data\Vso
2008-01-29 11:52:53 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-01-29 11:52:53 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-01-29 11:52:53 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-01-29 11:52:53 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-01-29 11:52:50 0 d-------- C:\Program Files\VSO
2008-01-28 19:07:02 0 d-------- C:\Program Files\WM Converter
2008-01-28 18:40:51 0 d-------- C:\Program Files\Common Files\Nero
2008-01-28 18:40:41 0 d-------- C:\Program Files\Common Files\LightScribe
2008-01-28 18:38:59 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-01-28 18:38:59 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-28 18:38:53 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-28 18:38:53 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-28 18:38:53 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-28 18:38:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-28 18:38:45 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-28 18:38:44 0 d-------- C:\Program Files\Ahead


-- Find3M Report ---------------------------------------------------------------

2008-02-27 23:49:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-27 23:29:16 0 d-------- C:\Program Files\Lavasoft
2008-02-27 23:29:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 21:49:51 0 d-------- C:\Documents and Settings\Bubbles\Application Data\AVG7
2008-02-27 21:22:23 0 d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-02-27 21:22:21 0 d-------- C:\Program Files\VoyagerTest
2008-02-27 21:21:35 0 d-------- C:\Program Files\InterPoker
2008-02-27 21:17:42 32852 --a------ C:\Documents and Settings\Bubbles\Application Data\vso_ts_preview.xml
2008-02-25 01:31:50 0 d-------- C:\Program Files\Poker Tracker V2
2008-02-22 01:01:35 0 d-------- C:\Program Files\Winamp
2008-02-22 01:00:00 0 d-------- C:\Program Files\Yahoo!
2008-02-22 00:59:19 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-22 00:56:25 0 d-------- C:\Program Files\LimeWire
2008-02-20 18:44:17 0 d-------- C:\Program Files\Common Files
2008-02-20 16:28:36 0 d-------- C:\Program Files\QuickTime Alternative
2008-02-19 16:16:42 0 d-------- C:\Program Files\PokerAce Hud
2008-02-19 16:04:37 0 d-------- C:\Program Files\PartyGaming
2008-02-17 23:09:04 0 d-------- C:\Documents and Settings\Bubbles\Application Data\Azureus
2008-02-17 19:49:51 0 d-------- C:\Program Files\Full Tilt Poker
2008-02-13 22:59:24 0 d-------- C:\Documents and Settings\Bubbles\Application Data\Adobe
2008-02-09 15:18:35 0 d-------- C:\Program Files\AOL Toolbar
2008-02-05 16:22:02 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-02 19:13:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-29 11:53:55 34 --a------ C:\Documents and Settings\Bubbles\Application Data\pcouffin.log
2008-01-29 11:53:33 1144 --a------ C:\Documents and Settings\Bubbles\Application Data\pcouffin.inf
2008-01-29 11:53:33 7887 --a------ C:\Documents and Settings\Bubbles\Application Data\pcouffin.cat
2008-01-02 14:03:04 0 d-------- C:\Program Files\PC Wizard 2008 ORCA Logic Edition
2008-01-01 22:22:37 0 d-------- C:\Program Files\PokerStars
2007-12-29 17:34:15 0 d-------- C:\Documents and Settings\Bubbles\Application Data\Sony Corporation
2007-12-29 17:20:30 0 d-------- C:\Program Files\Sony
2007-12-29 17:15:21 0 d-------- C:\Program Files\Common Files\Sony Shared
2007-12-15 22:10:00 43749 --a------ C:\WINDOWS\system32\unins000.dat
2007-12-15 22:02:52 684549 --a------ C:\WINDOWS\system32\unins000.exe <Not Verified; ; Inno Setup>
2007-12-13 20:27:04 662016 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-13 20:27:04 405504 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-12-13 20:27:04 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-13 20:27:04 3106304 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-12-13 20:27:04 529408 --a------ C:\WINDOWS\system32\ff_x264.dll
2007-12-13 20:27:04 26624 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2007-12-13 20:27:04 38400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2007-12-13 20:27:04 81408 --a------ C:\WINDOWS\system32\ff_tremor.dll
2007-12-13 20:27:04 143360 --a------ C:\WINDOWS\system32\ff_theora.dll
2007-12-13 20:27:04 122880 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2007-12-13 20:27:04 97280 --a------ C:\WINDOWS\system32\ff_realaac.dll
2007-12-13 20:27:04 118784 --a------ C:\WINDOWS\system32\ff_libmad.dll
2007-12-13 20:27:04 245760 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2007-12-13 20:27:04 155648 --a------ C:\WINDOWS\system32\ff_libdts.dll
2007-12-13 20:27:04 40960 --a------ C:\WINDOWS\system32\ff_liba52.dll
2007-12-13 2052 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [06/21/2006 04:42 AM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 03:41 PM]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [06/11/2004 10:15 AM]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [06/28/2003 03:10 PM]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [08/19/2003 12:47 PM]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [05/06/2003 08:28 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 12:50 PM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [10/18/2004 03:42 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 01:44 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1181313298\ee\AOLSoftware.exe" [05/25/2007 05:16 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [01/31/2008 11:13 PM]
"@"="" []
"POEngine"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SnoopFreeUI"="SnoopFreeUI.exe" [02/28/2008 12:10 AM C:\WINDOWS\SnoopFreeUI.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [02/07/2007 02:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/08/2005 12:48 PM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [05/28/2007 04:02 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ypagerps"=cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"

C:\Documents and Settings\Bubbles\Start Menu\Programs\Startup\
TrayIt!.lnk - C:\trayit\trayit!.exe [08/25/2007 11:58:25 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bubbles^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Bubbles\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
"C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efb9266a-0d1c-11dc-811b-806d6172696f}]
AutoRun\command- E:\install.exe

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - ATWPKT2
*Newly Created Service* - KTREMXUBGVVE
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK



-- End of Deckard's System Scanner: finished at 2008-02-28 00:19:33 ------------

Attached Files

extra.txt (22.5 KB, 1 views)

sdornan7

**Bump**

sdornan7

Anyone?

sdornan7

I only want to know if my log is clean can no-one help? I waited the 72 hours and then another 24 hours and still no reply?

forhockey

Hi sdornan7,

Sorry for the delay in looking into your log, as we are extremely busy at this time. Many people have to wait much longer than 72 hrs until they receive help from someone. All the helpers here are volunteers who help those like yourself on our free time. With that said it is impossible to help every single post out there on a timely matter.

--------------------------------------------------------------

If your worried about someone trying to gain access to your poker account, then I would suggest you frequently change your password once a month. Right now would probably be the best time to change your password, since your logs are clean. The best password is a complex one. Makes it harder for someone to break into.

More info here


SnoopFree is an excellent program to have, so it will help keep your privacy.

--------------------------------------------------------------

There isn't anything showing in your logs. There is one program I would suggest removing though:

Click > Start > Control Panel > Add / Remove Programs and uninstall the following program:

Viewpoint Media Player <<<this is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

__________________

sdornan7

That's great, thanks! I was just anxious for a reply as my sole source of income is poker and I didn't want to play while I was waiting just to be sure.

I always do use strong passwords for anything cash-related, on further thought I used the same password on a dubious poker forum so that may have had something to do with it.

Again, thanks for the help.

forhockey

Totally understandable and I would be anxious if I were you... Best to make different passwords for forums and financial accounts.

Was my pleasure.

Take care.

__________________