|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
04-11-2008, 01:54 AM
|
#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 16
OS: WinXP
|
Please help - infected with something
Please help - have becomeinfected with something. Keep getting a window popping up saying my computer is infected and trying to get me to buy something called Virus Shield. I also have a flashing yellow triangle in my taskbar although this seems to come and go. Computer seems to be running really slowly and firewall keeps asking whether I want to allow internet access to C:/Program Files\NetProject\scit.exe - I have denied so far but a totally blank window opens anyway.
I don't appear to have any abvious (to me) bad programs and have tried to run Panda Scan but it just says I am not infected and doesn't produce a log of any kind. Have run DSS and logs attached. Have also tried ComboFix as you helped me with that previously and have attached log also. Will not let me attach so text included. I have Spyware Blaster and IE Spyad already installed and have checked Microsoft for updates but non available. Thanks in advance Deckard's System Scanner v20071014.68 Run by glynis on 2008-04-10 15:02:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 38: 2008-04-10 14:03:37 UTC - RP208 - Deckard's System Scanner Restore Point 37: 2008-04-09 21:39:57 UTC - RP207 - Software Distribution Service 3.0 36: 2008-04-08 16:50:26 UTC - RP206 - System Checkpoint 35: 2008-04-05 19:52:25 UTC - RP205 - Removed Windows Defender 34: 2008-04-05 19:49:25 UTC - RP204 - Removed Creative Photo Calendar -- First Restore Point -- 1: 2008-02-18 20:16:14 UTC - RP171 - System Checkpoint Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 76% (more than 75%). Total Physical Memory: 246 MiB (512 MiB recommended). System Drive C: has 5.52 GiB (less than 15%) free. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-04-10 15  42Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\NetProject\scit.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\NetProject\sbmntr.exe C:\Program Files\Digital Media Reader\shwiconEM.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\NetProject\sbsm.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Philips\Philips Device Manager\bin\DeviceManager.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\V0220Mon.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Comodo\Firewall\cpf.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft Office\OFFICE12\GrooveMonitor.exe C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe C:\Program Files\Webshots\Webshots.scr C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\BitComet\BitComet.exe C:\Documents and Settings\glynis\Desktop\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\OFFICE12\GrooveShellExtensions.dll O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: (no name) - {F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8} - C:\WINDOWS\system32\\msrdo20x24.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\OFFICE12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\OFFICE12\ONBttnIE.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {33331111-1111-1111-1111-615111193427} () - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} () - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{25E505A9-E7CA-4F2C-817D-B70BF43D8F22}: NameServer = 195.92.195.95,195.92.195.94 O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\OFFICE12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 15101 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 StarOpen - c:\windows\system32\drivers\staropen.sys R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S3 catchme - c:\docume~1\glynis\locals~1\temp\catchme.sys (file missing) S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing) S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ROOT\*PNP0501\1_0_17_0_0_0 Manufacturer: (Standard port types) Name: Communications Port (COM1) PNP Device ID: ROOT\*PNP0501\1_0_17_0_0_0 Service: Serial -- Scheduled Tasks ------------------------------------------------------------- 2008-04-09 17:20:32 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-04-06 03:00:01 498 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job -- Files created between 2008-03-10 and 2008-04-10 ----------------------------- 2008-04-10 14:11:55 0 --a------ C:\Documents and Settings\glynis\NULL 2008-04-10 11:59:17 0 d-------- C:\WINDOWS\system32\215651 2008-04-10 11:58:18 0 d-------- C:\Program Files\NetProject 2008-04-06 21:41:11 0 d-------- C:\Program Files\Cedelia 2008-04-06 21:33:48 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper> 2008-04-06 21:28:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-06 21:28:15 0 d-------- C:\Program Files\SpywareBlaster 2008-04-05 13:03:42 0 d------c- C:\Documents and Settings\alan\Application Data\funkitron 2008-03-30 19:09:46 0 d------c- C:\Documents and Settings\alan\Application Data\Talkback 2008-03-30 19:05:08 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-30 19:04:47 0 d------c- C:\Documents and Settings\alan\Application Data\Mozilla 2008-03-30 19:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla 2008-03-29 14:35:20 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayPond 2008-03-17 16:51:44 0 d-------- C:\Documents and Settings\nia\Application Data\Apple Computer 2008-03-14 17:44:28 0 d-------- C:\Program Files\Sony Ericsson 2008-03-14 17:44:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-03-14 17:44:04 0 d-------- C:\Documents and Settings\glynis\Application Data\InstallShield -- Find3M Report --------------------------------------------------------------- 2008-04-10 14:32:39 0 d-------- C:\Program Files\BitComet 2008-04-10 07:29:38 13312 --a-s---- C:\WINDOWS\system32\rkvdr.dll 2008-04-05 20:49:48 0 d-------- C:\Program Files\DivX 2008-04-05 20:47:13 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-29 00:33:58 0 d-------- C:\Program Files\Common Files 2008-03-29 00:33:58 0 d-------- C:\Program Files\Ahead 2008-03-29 00:26:46 0 d-------- C:\Program Files\Creative 2008-03-28 23:03:36 0 d-------- C:\Documents and Settings\glynis\Application Data\Real 2008-03-14 10:25:14 0 d-------- C:\Documents and Settings\glynis\Application Data\Samsung 2008-03-03 20:42:10 0 d-------- C:\Program Files\Microsoft Works 2008-03-03 19:29:51 0 d-------- C:\Program Files\MSBuild 2008-03-03 19:18:50 0 d-------- C:\Program Files\Microsoft.NET 2008-02-24 19:49:00 0 d-------- C:\Program Files\Common Files\xing shared 2008-02-24 19:48:48 0 d-------- C:\Program Files\Common Files\Real 2008-02-17 17:18:13 0 d-------- C:\Program Files\Real 2008-02-16 18:54:22 0 d-------- C:\Program Files\usr 2008-02-14 19:15:46 0 d-------- C:\Documents and Settings\glynis\Application Data\Vso 2008-02-14 19:12:13 34 --a------ C:\Documents and Settings\glynis\Application Data\pcouffin.log 2008-02-14 19:11:34 47360 --a------ C:\Documents and Settings\glynis\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-02-14 19:11:34 1144 --a------ C:\Documents and Settings\glynis\Application Data\pcouffin.inf 2008-02-14 19:11:34 7887 --a------ C:\Documents and Settings\glynis\Application Data\pcouffin.cat 2008-02-14 19:11:28 0 d-------- C:\Program Files\VSO 2008-02-12 23:29:36 0 d-------- C:\Program Files\CCleaner 2008-02-05 10:48:13 64 --a----c- C:\msconfig.bat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}] 2008-04-10 14:14 10240 --a------ C:\Program Files\NetProject\sbmdl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8}] C:\WINDOWS\system32\\msrdo20x24.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 15:04] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 04:51] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 10:32] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 10:29] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 10:32] "CHotkey"="zHotkey.exe" [2005-05-03 14:02 C:\WINDOWS\zHotkey.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 10:37 C:\WINDOWS\RTHDCPL.EXE] "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 23:12] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11] "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37] "CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2005-11-15 03:54] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-26 21:21] "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 16:24] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 19:47] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47] "Creative Software Update"="C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2006-06-08 16:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 16:10] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 18:05] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29] C:\Documents and Settings\glynis\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08] Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-31 21:28:07] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] CONNECTAUTrayApp.lnk - C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2005-11-15 03:54:01] Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2007-07-31 07:34:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "some"=C:\Program Files\NetProject\scit.exe "start"=C:\Program Files\NetProject\sbmntr.exe -- End of Deckard's System Scanner: finished at 2008-04-10 15:10:25 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 2.93GHz Percentage of Memory in Use: 79% Physical Memory (total/avail): 245.95 MiB / 50.16 MiB Pagefile Memory (total/avail): 601.73 MiB / 116.89 MiB Virtual Memory (total/avail): 2047.88 MiB / 1895.2 MiB C: is Fixed (NTFS) - 73.81 GiB total, 5.52 GiB free. D: is Fixed (FAT32) - 2.87 GiB total, 1.23 GiB free. \\.\PHYSICALDRIVE0 - HDS728080PLA380 - 76.69 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 73.81 GiB - C: \PARTITION1 - Unknown - 2.87 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: COMODO Firewall Pro v2.3.035 (COMODO) AV: avast! antivirus 4.8.1169 [VPS 080410-0] v4.8.1169 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\OFFICE12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\OFFICE12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\glynis\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-438CFEDA0C ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\glynis LOGONSERVER=\\YOUR-438CFEDA0C NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Samsung\Samsung PC Studio 3\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0401 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\glynis\LOCALS~1\Temp TMP=C:\DOCUME~1\glynis\LOCALS~1\Temp USERDOMAIN=YOUR-438CFEDA0C USERNAME=glynis USERPROFILE=C:\Documents and Settings\glynis windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- glynis (admin) alan (admin) nia (admin) beth (admin) Alex (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Chuzzle Deluxe --> "C:\Program Files\Chuzzle Deluxe\ReflexiveArcade\unins000.exe" COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln CONNECT Auto Update --> C:\Program Files\Sony\CONNECTAutoUpdate\Uninstall.exe CONNECT Player --> MsiExec.exe /X{EC62DAEB-05E7-46FF-8867-FEBE00DBD790} CONNECT Player Language Pack --> MsiExec.exe /X{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4} ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe" Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove Creative Live! Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove Creative Live! Cam Video IM Driver (1.01.01.00) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0220.uns -unsext NT -plugin V0220Pin.dll -pluginres CtCamPin.crl Creative Live! Cam Video IM User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM\Creative Live! Cam Video IM User's Guide\English\CTManual.isu" Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 Intel(R) PRO Network Connections Drivers --> Prounstl.exe Internet Service --> "C:\Program Files\NetProject\scu.exe" iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9 Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL OpenMG Secure Module 4.3.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Philips Device Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe" -l0x9 -removeonly Philips Device Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57F06897-6735-4B97-9DF3-DE8BC27879D4}\setup.exe" -l0x9 -removeonly QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2 RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly Secure Browsing --> "C:\Program Files\NetProject\sbun.exe" Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Security Update for Step By Step Interactive Training (KB898458) --> Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} SEGA Bass Fishing --> MsiExec.exe /X{0DD9E20B-56B8-43E0-8D10-B2202F467E7C} Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf Sony Ericsson PC Suite 3.108.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly Spamihilator --> "C:\Program Files\Spamihilator\uninstall.exe" SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe" Stuart Little Big City Adventures --> C:\HASBRO\STUART_LITTLE\Uninstall_Stuart.EXE Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2} Visual C++ CRT 8.0 --> MsiExec.exe /I{B2395631-54D5-481E-B9A8-74B269546F40} Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type2214 / Error Event Submitted/Written: 04/10/2008 03:08:42 PM Event ID/Source: 8 / crypt32 Event Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. Event Record #/Type2213 / Error Event Submitted/Written: 04/10/2008 03:08:42 PM Event ID/Source: 8 / crypt32 Event Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Event Record #/Type2202 / Success Event Submitted/Written: 04/10/2008 11:13:47 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2179 / Error Event Submitted/Written: 04/09/2008 03:38:58 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type2178 / Success Event Submitted/Written: 04/09/2008 03:38:49 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type50075 / Error Event Submitted/Written: 04/10/2008 02:18:43 PM / 04/10/2008 02:18:44 PM Event ID/Source: 10010 / DCOM Event Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Event Record #/Type50055 / Error Event Submitted/Written: 04/10/2008 02:14:12 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: Beep Event Record #/Type50030 / Error Event Submitted/Written: 04/10/2008 02:03:49 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: Beep Event Record #/Type50008 / Error Event Submitted/Written: 04/10/2008 01:55:15 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: Beep Event Record #/Type49981 / Error Event Submitted/Written: 04/10/2008 11:05:52 AM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: Beep -- End of Deckard's System Scanner: finished at 2008-04-10 15:10:25 ------------ ComboFix 08-04-09.9 - glynis 2008-04-10 15:40:41.8 - NTFSx86 Running from: C:\Documents and Settings\glynis\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\314060.exe C:\Documents and Settings\glynis\Application Data\inst.exe C:\WINDOWS\system32\215651\215651.dll . ((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))) . 2008-04-10 15:29 . 2008-04-10 15:29 <DIR> d-------- C:\WINDOWS\LastGood 2008-04-10 15:29 . 2008-04-10 15:29 <DIR> d-------- C:\Program Files\Panda Security 2008-04-10 15:02 . 2008-04-10 15:02 <DIR> d----c--- C:\Deckard 2008-04-10 11:59 . 2008-04-10 15:49 <DIR> d-------- C:\WINDOWS\system32\215651 2008-04-10 11:58 . 2008-04-10 14:14 <DIR> d-------- C:\Program Files\NetProject 2008-04-09 22:40 . 2008-04-09 22:43 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-04-06 21:41 . 2008-04-06 21:41 <DIR> d-------- C:\Program Files\Cedelia 2008-04-06 21:33 . 2008-04-06 21:33 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2008-04-06 21:28 . 2008-04-06 21:28 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-04-06 21:28 . 2008-04-10 14:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-05 20:30 . 2008-03-29 18:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-04-05 20:30 . 2008-03-29 18:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-04-05 13:03 . 2008-04-05 13:03 <DIR> d----c--- C:\Documents and Settings\alan\Application Data\funkitron 2008-03-30 19:09 . 2008-03-30 19:09 <DIR> d----c--- C:\Documents and Settings\alan\Application Data\Talkback 2008-03-30 19:05 . 2008-03-30 19:05 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-29 14:35 . 2008-03-29 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayPond 2008-03-25 17:38 . 2004-08-04 00:08 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys 2008-03-25 17:38 . 2004-08-04 00:08 36,224 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys 2008-03-25 17:38 . 2004-08-04 00:08 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys 2008-03-25 17:38 . 2004-08-04 00:08 24,960 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys 2008-03-25 17:38 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-03-25 17:38 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-03-17 16:51 . 2008-03-17 16:51 <DIR> d-------- C:\Documents and Settings\nia\Application Data\Apple Computer 2008-03-14 17:44 . 2008-03-14 17:44 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-03-14 17:44 . 2008-03-14 17:44 <DIR> d-------- C:\Documents and Settings\glynis\Application Data\InstallShield 2008-03-14 17:44 . 2008-03-14 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-03-14 17:35 . 2008-03-14 17:35 19,079,456 --a--c--- C:\Sony Ericsson PC Suite_3.108.00_EN.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-10 13:32 --------- d-----w C:\Program Files\BitComet 2008-04-09 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-05 19:49 --------- d-----w C:\Program Files\DivX 2008-04-05 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-28 23:33 --------- d-----w C:\Program Files\Ahead 2008-03-28 23:26 --------- d-----w C:\Program Files\Creative 2008-03-14 09:25 --------- d-----w C:\Documents and Settings\glynis\Application Data\Samsung 2008-03-03 19:42 --------- d-----w C:\Program Files\Microsoft Works 2008-03-03 18:29 --------- d-----w C:\Program Files\MSBuild 2008-03-03 18:18 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-02 00:35 --------- dc----w C:\Documents and Settings\alan\Application Data\PlayFirst 2008-02-24 18:49 --------- d-----w C:\Program Files\Common Files\xing shared 2008-02-24 18:48 --------- d-----w C:\Program Files\Common Files\Real 2008-02-17 16:18 --------- d-----w C:\Program Files\Real 2008-02-16 17:54 --------- d-----w C:\Program Files\usr 2008-02-14 18:15 --------- d-----w C:\Documents and Settings\glynis\Application Data\Vso 2008-02-14 18:11 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-02-14 18:11 47,360 ----a-w C:\Documents and Settings\glynis\Application Data\pcouffin.sys 2008-02-14 18:11 --------- d-----w C:\Program Files\VSO 2008-02-12 22:29 --------- d-----w C:\Program Files\CCleaner 2008-02-08 21:00 1,936 -c--a-w C:\cdgone.zip 2008-02-05 09:48 64 -c--a-w C:\msconfig.bat 2007-12-10 20:54 136 -c--a-w C:\Documents and Settings\Alex\Application Data\wklnhst.dat 2007-12-09 12:45 552 ----a-w C:\Documents and Settings\glynis\Application Data\wklnhst.dat 2007-11-04 21:01 180 ----a-w C:\Documents and Settings\nia\Application Data\wklnhst.dat 2007-07-31 19:48 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-07-31 19:06 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}] 2008-04-10 14:14 10240 --a------ C:\Program Files\NetProject\sbmdl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6E20ADE-8CE8-492c-BCBA-ABF3EF2DE4E8}] C:\WINDOWS\system32\\msrdo20x24.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 16:10 159744] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 18:05 68856] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 15:04 135168] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ] "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 04:51 53248] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 10:32 94208] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 10:29 77824] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 10:32 114688] "CHotkey"="zHotkey.exe" [2005-05-03 14:02 543232 C:\WINDOWS\zHotkey.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 10:37 14679552 C:\WINDOWS\RTHDCPL.EXE] "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 23:12 520192] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43 53340] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224] "CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2005-11-15 03:54 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-26 21:21 1115728] "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 16:24 716800] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 19:47 185896] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016] "Creative Software Update"="C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2006-06-08 16:41 422029] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360] C:\Documents and Settings\glynis\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08 38912] Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-31 21:28:07 63064] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] CONNECTAUTrayApp.lnk - C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2005-11-15 03:54:01 114688] Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2007-07-31 07:34:13 729088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "some"= C:\Program Files\NetProject\scit.exe "start"= C:\Program Files\NetProject\sbmntr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\OFFICE12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\OFFICE12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22909:TCP"= 22909:TCP:BitCometBeta 22909 TCP "22909:UDP"= 22909:UDP:BitCometBeta 22909 UDP "60006:TCP"= 60006:TCP:BitComet 60006 TCP(ED2K) "60006:UDP"= 60006:UDP:BitComet 60006 UDP(ED2K) R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35] R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58] R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00] . Contents of the 'Scheduled Tasks' folder "2008-04-06 02:00:01 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job" - C:\Program Files\AdwareAlert\AdwareAlert.ex - C:\Program Files\AdwareAlert.glynisWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs. "2008-04-09 16:20:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-10 15:51:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-10 16:20:03 ComboFix-quarantined-files.txt 2008-04-10 15:19:41 Pre-Run: 5,829,074,944 bytes free Post-Run: 5,822,644,224 bytes free . 2008-04-09 21:45:50 --- E O F --- |
|
     
|
|
| Thread Tools | |
|
|
