08-24-2007, 09:04 AM   #1 (permalink)
Torres919 (Registered User)
Join Date: Aug 2007
Posts: 21
OS: vista home premium

Please Help!!![moved from vista]

I just upgraded to Vista; I had XP Media Center Edition... After I finished upgrading, my computer started freezing... It freezes for like 2 minutes, then goes back to normal and freezes again... I tried uninstalling and installing my programs... I need help, please!!!

my hijack log:


Logfile of HijackThis v1.99.1
Scan saved at 10:47:47 AM, on 8/24/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\stsystra.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\CaSP3R\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.811.com/saecs.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.811.com/saecs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\tuvuutt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9243B709-136F-4EC9-B244-67DD3E3751Fb} - C:\WINDOWS\system32\qbsihwwd.dll (file missing)
O2 - BHO: (no name) - {A5C02540-9E05-40D1-8EE7-DB5A64BC43F0} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ggjjyvqg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchProtection] C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

08-25-2007, 07:03 AM   #2 (permalink)
Torres919 (Registered User)
Join Date: Aug 2007
Posts: 21
OS: vista home premium

Re: Please Help!!![moved from vista]

So can anyone help me, please?
08-27-2007, 08:51 PM   #3 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home

Re: Please Help!!![moved from vista]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.811.com/saecs.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.811.com/saecs.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\tuvuutt.dll (file missing)
O2 - BHO: (no name) - {9243B709-136F-4EC9-B244-67DD3E3751Fb} - C:\WINDOWS\system32\qbsihwwd.dll (file missing)
O2 - BHO: (no name) - {A5C02540-9E05-40D1-8EE7-DB5A64BC43F0} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ggjjyvqg.dll
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll




Close HijackThis now.

---------------------------------------------------------------------------------------------

Locate and delete these files:

C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ggjjyvqg.dll
C:\WINDOWS\system32\vtstq.dll
C:\Windows\Temp\CTun.exe


Let me know if you have any trouble with this.

---------------------------------------------------------------------------------------------

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
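
A follow-up log can be checked mechanically against a fix list like the one in the post above. The Python sketch below is an added example, not part of the original thread or of HijackThis; its sample lines are copied from the logs posted in this thread, and the matching rules (compare R entries by value and data, other entries by CLSID where one is present) are assumptions chosen for these two log formats.

```python
import re

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")
MISSING = re.compile(r"\s*\(file missing\)\s*$")
# The two logs in this thread spell the same hive differently.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def entry_key(line):
    """Return (identity, file_missing) for a log entry, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # headers, process paths, blank lines
    group, number, body = m.groups()
    # "(file missing)" only says the tool did not find the file; the
    # registry entry itself is still there, so keep it as a flag.
    missing = bool(MISSING.search(body))
    body = MISSING.sub("", body)
    for long_name, short_name in HIVES.items():
        body = body.replace(long_name, short_name)
    if group == "R":
        # The same value appears as R0 in one log and R1 in the other,
        # so the digit is ignored (assumption) and value + data compared.
        return ("R", body.lower()), missing
    guid = GUID.search(body)
    if guid:
        # CLSID is stable even when the file path or name text changes.
        return (group + number, guid.group(0).upper()), missing
    return (group + number, body.lower()), missing


def parse_log(text):
    """Map entry identity -> file_missing flag for every entry in a log."""
    entries = {}
    for line in text.splitlines():
        parsed = entry_key(line)
        if parsed:
            key, missing = parsed
            entries[key] = missing
    return entries


def check_fix(fix_list, followup_log):
    """Report, per fix-list line, whether it still shows in the follow-up log."""
    after = parse_log(followup_log)
    report = []
    for line in fix_list.splitlines():
        parsed = entry_key(line)
        if not parsed:
            continue
        key, _ = parsed
        if key not in after:
            status = "removed"
        elif after[key]:
            status = "present, file missing"
        else:
            status = "present"
        report.append((status, line.strip()))
    return report


# Fix list copied from the analyst's post in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.811.com/saecs.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.811.com/saecs.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\tuvuutt.dll (file missing)
O2 - BHO: (no name) - {9243B709-136F-4EC9-B244-67DD3E3751Fb} - C:\WINDOWS\system32\qbsihwwd.dll (file missing)
O2 - BHO: (no name) - {A5C02540-9E05-40D1-8EE7-DB5A64BC43F0} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ggjjyvqg.dll
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
"""

# Excerpt of the HijackThis-format section of the later scanner log in this thread.
FOLLOWUP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\tuvuutt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A5C02540-9E05-40D1-8EE7-DB5A64BC43F0} - C:\WINDOWS\system32\vtstq.dll (file missing)
O4 - HKEY_LOCAL_MACHINE\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
"""

if __name__ == "__main__":
    for status, line in check_fix(FIX_LIST, FOLLOWUP):
        print(f"{status:22} {line}")
```

Entries reported as "present, file missing" are registry references that outlived the file they pointed to, so they still need to be fixed in the scanner even though there is nothing left to delete on disk.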
08-28-2007, 06:40 AM   #4 (permalink)
Torres919 (Registered User)
Join Date: Aug 2007
Posts: 21
OS: vista home premium

Re: Please Help!!![moved from vista]

Locate and delete these files:

C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ggjjyvqg.dll
C:\WINDOWS\system32\vtstq.dll
C:\Windows\Temp\CTun.exe

Let me know if you have any trouble with this.

OK, I deleted C:\Windows\Temp\CTun.exe.

I didn't find C:\WINDOWS\system32\vtstq.dll (I think it's already deleted).

And when I try to delete C:\WINDOWS\system32\ggjjyvqg.dll, it says "you need permission to perform this action"... What do I do???
08-28-2007, 06:44 AM   #5 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home

Re: Please Help!!![moved from vista]

Boot into safe mode and delete any files that resist.

Then post the log from Deckard's System Scanner.
08-28-2007, 08:51 AM   #6 (permalink)
Torres919 (Registered User)
Join Date: Aug 2007
Posts: 21
OS: vista home premium

Re: Please Help!!![moved from vista]

Deckard's System Scanner v20070826.66
Run by CaSP3R on 2007-08-28 10:40:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2007-08-28 12:10:42 UTC - RP53 - Windows Update
6: 2007-08-27 21:42:45 UTC - RP52 - Removed Doom 3
5: 2007-08-27 12:02:00 UTC - RP50 - Windows Update
4: 2007-08-26 07:01:06 UTC - RP49 - Windows Update
3: 2007-08-26 04:02:16 UTC - RP48 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-08-24 20:52:33 UTC - RP46 - Device Driver Package Install: NVIDIA Display adapters


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-28 10:42:28
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\CaSP3R\Desktop\dss.exe
C:\Windows\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\tuvuutt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A5C02540-9E05-40D1-8EE7-DB5A64BC43F0} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKEY_LOCAL_MACHINE\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchProtection] C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\System32\libusbd-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 libusb0 (LibUsb-Win32 - Kernel Driver, Version 0.1.10.1) - c:\windows\system32\drivers\libusb0.sys

S3 DSproct - \??\c:\program files\dell support\gtaction\triggers\dsproct.sys
S3 NAL (Nal Service ) - \??\c:\windows\system32\drivers\iqvw32.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 libusbd (LibUsb-Win32 - Daemon, Version 0.1.10.1) - system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-27 2000 482 --a------ C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - CaSP3R.job
2007-08-22 10:39:05 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-28 and 2007-08-28 -----------------------------

2007-12-19 14:43:05 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-19 11:43:57 0 d-------- C:\Program Files\iTunes
2007-12-19 11:42:11 0 d-------- C:\Program Files\QuickTime
2007-12-19 11:40:26 0 d-------- C:\Users\All Users\Apple
2007-12-19 11:40:26 0 d-------- C:\Program Files\Common Files\Apple
2007-12-19 11:16:00 0 d-------- C:\Program Files\Microsoft.NET
2007-12-19 11:13:06 0 d-------- C:\Users\All Users\Microsoft Help
2007-12-19 11:12:26 0 dr-h----- C:\MSOCache
2007-12-19 10:18:49 1802998 --ahs---- C:\Windows\system32\nqtwa.bak1
2007-08-24 16:05:05 0 d-------- C:\Program Files\SystemRequirementsLab
2007-08-23 18:27:16 0 d-------- C:\Program Files\DOOM 3
2007-08-23 08:29:45 0 d-------- C:\Program Files\SEGA
2007-08-20 17:26:32 18944 --a------ C:\Windows\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-20 17:26:32 19456 --a------ C:\Windows\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-20 17:26:31 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2007-08-20 17:10:25 0 d-------- C:\Users\All Users\Microsoft Games
2007-08-19 15:10:41 163840 --a------ C:\Windows\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2007-08-19 15:10:41 106496 --a------ C:\Windows\system32\BrMuSNMP.dll
2007-08-19 15:10:41 61440 --a------ C:\Windows\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2007-08-19 15:10:41 0 d-------- C:\Program Files\Brother
2007-08-19 13:07:22 46592 --a------ C:\Windows\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-19 13:07:22 33792 --a------ C:\Windows\system32\drivers\libusb0.sys
2007-08-19 10:07:18 0 d--h----- C:\Windows\msdownld.tmp
2007-08-19 10:07:14 0 d-------- C:\Windows\system32\directx
2007-08-17 21:40:02 0 d-------- C:\Users\All Users\Xfire
2007-08-17 16:28:28 0 d-------- C:\Users\All Users\NVIDIA
2007-08-17 1318 0 d-------- C:\Windows\Panther
2007-08-17 13:04:30 0 d-------- C:\Windows\system32\OEM
2007-08-17 13:04:29 36 -ra------ C:\Windows\DELL_VERSION
2007-08-17 12:55:58 0 d-------- C:\$WINDOWS.~Q
2007-08-17 12:32:24 0 dr------- C:\Users\CaSP3R\Searches
2007-08-17 12:31:58 0 dr------- C:\Users\CaSP3R\Contacts
2007-08-17 12:27:30 171136 -rahs---- C:\grldr
2007-08-17 09:54:40 33524 --a------ C:\Windows\system32\emptyregdb.dat
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Templates
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Start Menu
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\SendTo
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Recent
2007-08-17 09:15:41 0 d--h----- C:\Users\CaSP3R\PrintHood
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\NetHood
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\My Documents
2007-08-17 09:15:41 0 d--h----- C:\Users\CaSP3R\Local Settings
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Cookies
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Application Data
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Videos
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Saved Games
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Pictures
2007-08-17 09:15:40 3670016 --ahs---- C:\Users\CaSP3R\NTUSER.DAT
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Links
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Favorites
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Downloads
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Documents
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Desktop
2007-08-17 09:15:40 0 d--h----- C:\Users\CaSP3R\AppData
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Videos
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Templates
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Start Menu
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\SendTo
2007-08-17 09:15:39 0 d-------- C:\Users\Administrator\Saved Games
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Recent
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\PrintHood
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Pictures
2007-08-17 09:15:39 524288 --ahs---- C:\Users\Administrator\NTUSER.DAT
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\NetHood
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\My Documents
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Music
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\Local Settings
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Links
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Favorites
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Downloads
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Documents
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Desktop
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Cookies
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Application Data
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\AppData
2007-08-17 09:13:40 0 d-------- C:\Windows\system32\URTTEMP
2007-08-17 09:13:26 0 d--hs---- C:\Windows\Installer
2007-08-17 09:10:46 0 d-------- C:\Windows\Debug
2007-08-17 09:07:30 0 d-------- C:\Windows\Prefetch
2007-08-17 08:48:00 0 d--hs---- C:\Boot
2007-08-13 19:02:34 1686282 --ahs---- C:\Windows\system32\qtstv.ini2
2007-08-12 18:22:50 0 d-------- C:\Program Files\Avanquest update
2007-08-12 18:21:10 0 d-------- C:\Program Files\Motorola Phone Tools
2007-08-09 13:31:52 0 d-------- C:\Program Files\Alcohol Soft
2007-08-06 20:28:49 0 d-------- C:\searchplugins
2007-08-06 20:27:56 0 d-------- C:\Program Files\Spyware Terminator
2007-08-03 12:24:07 0 d-------- C:\Windows\SxsCaPendDel
2007-08-03 11:52:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-03 11:52:05 0 d-------- C:\Program Files\Common Files\iS3
2007-08-03 11:42:07 0 d-------- C:\VundoFix Backups
2007-08-03 11:25:24 0 d-------- C:\Program Files\Enigma Software Group
2007-08-02 10:07:52 574508 --a------ C:\Windows\system32\phxsqgtb.exe
2007-07-30 09:10:58 0 d-------- C:\Windows\nview
2007-07-30 09:09:51 0 d-------- C:\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2007-08-27 20:20:08 0 d-------- C:\Program Files\WarRock
2007-08-27 17:47:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Xfire
2007-08-27 17:43:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 08:32:57 0 d-------- C:\Users\CaSP3R\AppData\Roaming\uTorrent
2007-08-22 11:08:57 0 d-------- C:\Program Files\LimeWire
2007-08-22 11:08:15 0 d-------- C:\Program Files\Java
2007-08-21 08:45:18 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Microsoft Game Studios
2007-08-21 08:45:18 0 d-------- C:\Program Files\Microsoft Games
2007-08-19 15:13:45 50 --a------ C:\Windows\system32\bridf06a.dat
2007-08-18 1433 0 d-------- C:\Program Files\Common Files
2007-08-18 11:53:31 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Ventrilo
2007-08-18 09:17:31 0 d-------- C:\Program Files\Windows Mail
2007-08-18 09:17:28 0 d-------- C:\Program Files\Windows Defender
2007-08-17 12:59:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-17 09:42:02 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Viewpoint
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\U3
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sunbelt Software
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sun
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sonic
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Smilebox
2007-08-17 09:42:00 0 dr-h----- C:\Users\CaSP3R\AppData\Roaming\SecuROM
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\ScanSoft
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Research In Motion
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\RegistrySmart
2007-08-17 09:41:59 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Real
2007-08-17 09:41:13 0 d-------- C:\Users\CaSP3R\AppData\Roaming\NCH Swift Sound
2007-08-17 09:41:12 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Mozilla
2007-08-17 09:41:10 0 d-------- C:\Users\CaSP3R\AppData\Roaming\McAfee.com Personal Firewall
2007-08-17 09:41:10 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Macromedia
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Leadertech
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Lavasoft
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\InstallShield
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Identities
2007-08-17 09:41:07 0 d--h----- C:\Users\CaSP3R\AppData\Roaming\Gtek
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Google
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\dvdcss
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\DivX
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Blackberry Desktop
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Azureus
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Audacity
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Apple Computer
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Ahead
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\AdobeUM
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Adobe
2007-08-17 09:41:05 0 d-------- C:\Users\CaSP3R\AppData\Roaming\acccore
2007-08-17 09:31:58 0 d-------- C:\Program Files\Yahoo!
2007-08-17 09:31:57 0 d-------- C:\Program Files\Xfire
2007-08-17 09:31:55 0 d-------- C:\Program Files\Windows Plus
2007-08-17 09:31:54 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-17 09:31:54 0 d-------- C:\Program Files\WinAVI Video Converter
2007-08-17 09:29:08 0 d-------- C:\Program Files\uTorrent
2007-08-17 09:29:07 0 d-------- C:\Program Files\Symantec
2007-08-17 09:29:07 0 d-------- C:\Program Files\Sonic
2007-08-17 09:29:07 0 d-------- C:\Program Files\Sigmatel
2007-08-17 09:29:07 0 d-------- C:\Program Files\Search Settings Protection
2007-08-17 09:29:02 0 d-------- C:\Program Files\ScanSoft
2007-08-17 09:29:02 0 d-------- C:\Program Files\Roxio
2007-08-17 09:29:02 0 d-------- C:\Program Files\Ringtone Ripper
2007-08-17 09:29:02 0 d-------- C:\Program Files\RGB
2007-08-17 09:29:00 0 d-------- C:\Program Files\Research In Motion
2007-08-17 09:29:00 0 d-------- C:\Program Files\RegistrySmart
2007-08-17 09:28:55 0 d-------- C:\Program Files\Real
2007-08-17 09:28:45 0 d-------- C:\Program Files\Norton AntiVirus
2007-08-17 09:28:44 0 d-------- C:\Program Files\NetWaiting
2007-08-17 09:28:44 0 d-------- C:\Program Files\NCH Swift Sound
2007-08-17 09:28:44 0 d-------- C:\Program Files\MUSICMATCH
2007-08-17 09:28:43 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-17 09:28:43 0 d-------- C:\Program Files\MpegDecoder012
2007-08-17 09:28:43 0 d-------- C:\Program Files\MP3 Player Utilities 3.68
2007-08-17 09:28:33 0 d-------- C:\Program Files\Motorola
2007-08-17 09:28:33 0 d-------- C:\Program Files\Motorola Inc
2007-08-17 09:28:32 0 d-------- C:\Program Files\Modem Helper
2007-08-17 09:28:31 0 d-------- C:\Program Files\Microsoft Works
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-08-17 09:27:45 0 d-------- C:\Program Files\microsoft frontpage
2007-08-17 09:27:44 0 d-------- C:\Program Files\McAfee
2007-08-17 09:27:44 0 d-------- C:\Program Files\LexmarkX63
2007-08-17 09:27:44 0 d-------- C:\Program Files\Learn2.com
2007-08-17 09:27:35 0 d-------- C:\Program Files\IrfanView
2007-08-17 09:27:35 0 d-------- C:\Program Files\iPod
2007-08-17 09:27:28 0 d-------- C:\Program Files\InterActual
2007-08-17 09:27:27 0 d-------- C:\Program Files\Intel
2007-08-17 09:27:24 0 d-------- C:\Program Files\GPL MPEG Decoder
2007-08-17 09:27:24 0 d-------- C:\Program Files\Google
2007-08-17 09:27:24 0 d-------- C:\Program Files\GameSpy Arcade
2007-08-17 09:27:20 0 d-------- C:\Program Files\EnglishOtto
2007-08-17 09:27:18 0 d-------- C:\Program Files\DivX
2007-08-17 09:27:17 0 d-------- C:\Program Files\Digital Line Detect
2007-08-17 09:27:17 0 d-------- C:\Program Files\Dell Support
2007-08-17 09:27:14 0 d-------- C:\Program Files\Dell
2007-08-17 09:27:08 0 d-------- C:\Program Files\CONEXANT
2007-08-17 09:27:08 0 d-------- C:\Program Files\Common Files\xing shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-08-17 09:26:58 0 d-------- C:\Program Files\Common Files\Real
2007-08-17 09:26:57 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-17 09:26:57 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-08-17 09:26:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-17 09:26:56 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-08-17 09:26:49 0 d-------- C:\Program Files\Common Files\Java
2007-08-17 09:26:49 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-17 09:26:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-17 09:26:34 0 d-------- C:\Program Files\Common Files\AOL
2007-08-17 09:26:33 0 d-------- C:\Program Files\Common Files\Ahead
2007-08-17 09:26:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-17 09:26:23 0 d-------- C:\Program Files\BAE
2007-08-17 09:26:23 0 d-------- C:\Program Files\Audacity
2007-08-17 09:26:22 0 d-------- C:\Program Files\Apple Software Update
2007-08-17 09:26:21 0 d-------- C:\Program Files\AoA DVD Copy
2007-08-17 09:26:06 0 d-------- C:\Program Files\AIM6
2007-08-13 22:17:19 1687376 --ahs---- C:\Windows\system32\qtstv.bak2
2007-08-12 08:52:39 1687940 --ahs---- C:\Windows\system32\qtstv.bak1
2007-07-26 08:27:58 3325570 --a------ C:\Windows\system32\SBSP.dat
2007-07-26 08:27:58 11804 --a------ C:\Windows\system32\SBFC.dat
2007-07-26 08:27:34 194 --a------ C:\Windows\system32\SBRC.dat
2007-07-24 15:21:58 1137550 --ahs---- C:\Windows\system32\bcyqexod.ini2
2007-07-24 14:21:18 0 --a------ C:\Windows\system32\Biport
2007-07-24 10:39:48 6471 --ahs---- C:\Windows\system32\hjkkj.bak1
2007-07-24 09:21:08 6471 --ahs---- C:\Windows\system32\ybeeg.bak1
2007-07-24 08:03:11 6471 --ahs---- C:\Windows\system32\hhhkj.bak1
2007-07-23 23:12:15 6471 --ahs---- C:\Windows\system32\prutv.bak1
2007-07-23 21:26:58 6471 --ahs---- C:\Windows\system32\qqtwa.bak1
2007-07-23 20:20:57 6511 --ahs---- C:\Windows\system32\hgjlm.bak1
2007-07-23 17:11:36 6471 --ahs---- C:\Windows\system32\ppqss.bak1
2007-07-23 15:56:43 6471 --ahs---- C:\Windows\system32\bcbeg.bak1
2007-07-23 12:43:23 11254 --a------ C:\Windows\system32\locate.com
2007-07-23 11:51:37 6511 --ahs---- C:\Windows\system32\ghkmp.bak1
2007-07-23 10:34:09 6471 --ahs---- C:\Windows\system32\stvwa.bak1
2007-07-23 08:59:42 6511 --ahs---- C:\Windows\system32\rttss.bak1
2007-07-22 22:46:13 6488 --ahs---- C:\Windows\system32\npqss.bak1
2007-07-22 19:34:20 6528 --ahs---- C:\Windows\system32\xybeg.bak1
2007-07-22 18:30:53 6488 --ahs---- C:\Windows\system32\ututv.bak1
2007-07-22 1631 6528 --ahs---- C:\Windows\system32\fhhkj.bak1
2007-07-22 14:58:05 6528 --ahs---- C:\Windows\system32\yccdd.bak1
2007-07-22 13:50:14 7226 --ahs---- C:\Windows\system32\qtutv.ini2
2007-07-22 12:20:49 6528 --ahs---- C:\Windows\system32\qtutv.bak1
2007-07-22 10:50:21 6488 --ahs---- C:\Windows\system32\aycdd.bak1
2007-07-21 21:38:51 6529 --ahs---- C:\Windows\system32\yyadd.bak1
2007-07-21 1938 6489 --ahs---- C:\Windows\system32\dccdd.bak1
2007-07-21 15:14:02 6489 --ahs---- C:\Windows\system32\cdeeg.bak1
2007-07-21 13:53:05 6489 --ahs---- C:\Windows\system32\jjkkj.bak1
2007-07-21 12:45:08 6528 --ahs---- C:\Windows\system32\ycbeg.bak1
2007-07-21 10:29:36 6529 --ahs---- C:\Windows\system32\cbeeg.bak1
2007-07-20 18:28:32 6529 --ahs---- C:\Windows\system32\vyadd.bak1
2007-07-20 15:07:17 6529 --ahs---- C:\Windows\system32\qstwa.bak1
2007-07-20 13:01:56 6525 --ahs---- C:\Windows\system32\nqtwa.ini2
2007-07-20 10:12:24 1792620 --ahs---- C:\Windows\system32\nqtwa.bak2
2007-07-20 08:11:23 20171 --a------ C:\Windows\system32\12112335941.dll
2007-07-18 15:45:25 39246 --a------ C:\Windows\system32\yuyiihda.dll
2007-07-18 15:42:26 91805 --a------ C:\Windows\system32\hmaogims.dll
2007-07-17 15:02:53 0 --a------ C:\Windows\system32\dllh8jkd1q8.exe
2007-07-17 12:05:55 20288 --a------ C:\Windows\system32\1655514041.dll
2007-07-17 12:05:32 20288 --a------ C:\Windows\system32\165323141.dll
2007-07-17 12:05:32 20288 --a------ C:\Windows\system32\1653198441.dll
2007-07-17 12:05:11 20288 --a------ C:\Windows\system32\1651154641.dll
2007-07-16 21:44:05 3424 --a------ C:\Windows\mozver.dat
2007-07-16 17:19:49 0 d-------- C:\Users\CaSP3R\AppData\Roaming\WinRAR
2007-07-12 20:44:43 1024 --a------ C:\Users\CaSP3R\AppData\Roaming\WavCodec.wff
2007-07-02 15:41:13 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-02 15:37:41 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-02 15:37:41 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-02 15:37:35 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-02 15:37:35 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:37:35 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:37:35 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:36:50 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-06-29 00:43:00 1626112 --a------ C:\Windows\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\Windows\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\Windows\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\Windows\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\Windows\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\Windows\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\Windows\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\Windows\system32\keystone.exe
2007-06-25 09:54:32 53248 --a------ C:\Windows\uni_eh44.exe <Not Verified; ; uni_eh44.exe>
2007-06-20 19:12:57 1826495 --ahs---- C:\Windows\system32\uttss.bak2
2007-06-16 18:18:24 125972 --a------ C:\Windows\system32\xvdcnolt.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}]
C:\WINDOWS\system32\tuvuutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5C02540-9E05-40D1-8EE7-DB5A64BC43F0}]
C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [11/24/2006 08:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [07/19/2006 02:51 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 08:15 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 02:45 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 10:18 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 02:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 07:24 AM]
"SearchProtection"="C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe" [01/28/2007 10:47 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [09/25/2006 02:00 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/16/2007 09:43 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"SigmatelSysTrayApp"="stsystra.exe" [07/24/2006 11:20 AM C:\Windows\stsystra.exe]
"Uninstall_CToolbar"="C:\Windows\Temp\CTun.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/06/2007 01:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/06/2007 01:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/06/2007 01:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 05:45 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1FB63E52-4D6E-48C1-A08F-F630FE50F337}"= C:\WINDOWS\system32\tuvuutt.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{442b3107-7025-11db-924a-806d6172696f}]
AutoRun\command- D:\Setup\rsrc\Autorun.exe
dinstall\command- D:\Directx\dxsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-28 10:43:49 ------------
Attached Files
File Type: txt extra.txt (18.3 KB, 1 views)
Old 08-28-2007, 12:09 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Windows\system32\xvdcnolt.dll

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
  • Repeat for these files:

    C:\Windows\system32\phxsqgtb.exe
    C:\Windows\system32\12112335941.dll
    C:\Windows\system32\hmaogims.dll
    C:\Windows\system32\1651154641.dll
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-28-2007, 01:18 PM   #8 (permalink)
Registered User
 
Torres919
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

File xvdcnolt.dll_ received on 08.28.2007 20:36:14 (CET)

Result: 18/32 (56.25%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.28 Win-Trojan/Morphine.125972
AntiVir 7.4.1.63 2007.08.28 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.28 -
AVG 7.5.0.484 2007.08.28 Adware Generic2.EMC
BitDefender 7.2 2007.08.28 Packer.Morphine.B
CAT-QuickHeal 9.00 2007.08.25 AdWare.BHO.v (Not a Virus)
ClamAV 0.91.2 2007.08.28 -
DrWeb 4.33 2007.08.28 -
eSafe 7.0.15.0 2007.08.28 Suspicious Trojan/Worm
eTrust-Vet 31.1.5091 2007.08.28 -
Ewido 4.0 2007.08.28 -
FileAdvisor 1 2007.08.28 -
Fortinet 2.91.0.0 2007.08.28 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.28 Packed.Win32.Morphine.a
Ikarus T3.1.1.12 2007.08.28 MalwareScope.Trojan-Spy.BZub.1
Kaspersky 4.0.2.24 2007.08.28 not-a-virus:AdWare.Win32.BHO.v
McAfee 5107 2007.08.28 -
Microsoft 1.2803 2007.08.28 VirTool:Win32/Obfuscator.E
NOD32v2 2489 2007.08.28 a variant of Win32/Adware.BHO.V
Norman 5.80.02 2007.08.28 W32/BHO.QG
Panda 9.0.0.4 2007.08.28 Suspicious file
Prevx1 V2 2007.08.28 Generic.Malware
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.28 Mal/BHO-C
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.28 -
TheHacker 6.1.9.175 2007.08.28 Trojan/Morphine.a
VBA32 3.12.2.3 2007.08.28 Application.Win32.Adware.BHO.V
VirusBuster 4.3.26:9 2007.08.28 -
Webwasher-Gateway 6.0.1 2007.08.28 Trojan.Dldr.ConHook.Gen
Additional information
File size: 125972 bytes
MD5: 35cd07de7b32f50dbb67964fed642943
SHA1: 583bcd3f7c2c26a37153db4d8d547f55f5a8b415
packers: MORPHINE
packers: Morphine
Prevx info: http://fileinfo.prevx.com/fileinfo.a...D9D700491CC10C



File phxsqgtb.exe received on 08.28.2007 20:48:05 (CET)

Result: 9/32 (28.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.28 -
AntiVir 7.4.1.63 2007.08.28 TR/Spy.Agent.HZ.7
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.28 -
AVG 7.5.0.484 2007.08.28 -
BitDefender 7.2 2007.08.28 Trojan.Spy.Agent.HZ
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.28 -
DrWeb 4.33 2007.08.28 -
eSafe 7.0.15.0 2007.08.28 -
eTrust-Vet 31.1.5091 2007.08.28 -
Ewido 4.0 2007.08.28 -
FileAdvisor 1 2007.08.28 -
Fortinet 2.91.0.0 2007.08.28 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.28 -
Ikarus T3.1.1.12 2007.08.28 Trojan-Spy.Win32.Agent.hz
Kaspersky 4.0.2.24 2007.08.28 -
McAfee 5107 2007.08.28 New Malware.n
Microsoft 1.2803 2007.08.28 -
NOD32v2 2489 2007.08.28 -
Norman 5.80.02 2007.08.28 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.08.28 Adware/WinAntiVirus2007
Prevx1 V2 2007.08.28 -
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.28 Mal/Packer
Sunbelt 2.2.907.0 2007.08.25 VIPRE.Suspicious
Symantec 10 2007.08.28 -
TheHacker 6.1.9.175 2007.08.28 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.28 -
Webwasher-Gateway 6.0.1 2007.08.28 Trojan.Spy.Agent.HZ.7
Additional information
File size: 574508 bytes
MD5: 560a8032962d8ee71ea07083498bbef5
SHA1: f2a50ac602da4bc449a88ac5a443ba4141777d66
packers: UPACK
packers: UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.



File 12112335941.dll received on 08.28.2007 21:02:09 (CET)

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.28 -
AntiVir 7.4.1.63 2007.08.28 TR/Hemus.1
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.28 -
AVG 7.5.0.484 2007.08.28 -
BitDefender 7.2 2007.08.28 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.28 -
DrWeb 4.33 2007.08.28 -
eSafe 7.0.15.0 2007.08.28 -
eTrust-Vet 31.1.5091 2007.08.28 -
Ewido 4.0 2007.08.28 -
FileAdvisor 1 2007.08.28 -
Fortinet 2.91.0.0 2007.08.28 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.28 -
Ikarus T3.1.1.12 2007.08.28 Win32.SuspectCrc
Kaspersky 4.0.2.24 2007.08.28 -
McAfee 5107 2007.08.28 -
Microsoft 1.2803 2007.08.28 -
NOD32v2 2489 2007.08.28 -
Norman 5.80.02 2007.08.28 -
Panda 9.0.0.4 2007.08.28 -
Prevx1 V2 2007.08.28 -
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.28 -
Sunbelt 2.2.907.0 2007.08.25 Trojan-Downloader.Win32.Agent.byh
Symantec 10 2007.08.28 -
TheHacker 6.1.9.175 2007.08.28 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.28 -
Webwasher-Gateway 6.0.1 2007.08.28 Trojan.Hemus.1
Additional information
File size: 20171 bytes
MD5: 60744145bd656ec212372fd7cee72aa8
SHA1: d70e71414472bce6f872e914f3e632a9693426cb



File hmaogims.dll received on 08.28.2007 21:08:12 (CET)

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.28 -
AntiVir 7.4.1.63 2007.08.28 TR/PSW.Gamania.B
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.28 -
AVG 7.5.0.484 2007.08.28 Lop.CW
BitDefender 7.2 2007.08.28 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.28 -
DrWeb 4.33 2007.08.28 -
eSafe 7.0.15.0 2007.08.28 -
eTrust-Vet 31.1.5091 2007.08.28 -
Ewido 4.0 2007.08.28 -
FileAdvisor 1 2007.08.28 -
Fortinet 2.91.0.0 2007.08.28 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.28 -
Ikarus T3.1.1.12 2007.08.28 -
Kaspersky 4.0.2.24 2007.08.28 -
McAfee 5107 2007.08.28 -
Microsoft 1.2803 2007.08.28 -
NOD32v2 2489 2007.08.28 -
Norman 5.80.02 2007.08.28 W32/Virtumonde.dam
Panda 9.0.0.4 2007.08.28 -
Prevx1 V2 2007.08.28 -
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.28 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.28 -
TheHacker 6.1.9.175 2007.08.28 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.28 -
Webwasher-Gateway 6.0.1 2007.08.28 Trojan.PSW.Gamania.B
Additional information
File size: 91805 bytes
MD5: 1ab7bc8c3d848f51b9784533a702b764
SHA1: 9b999baac544cdd601882d4d3b945c3de295033e



File 1651154641.dll received on 08.28.2007 21:10:53 (CET)
Result: 2/32 (6.25%)
Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.28 -
AntiVir 7.4.1.63 2007.08.28 TR/Hemus.1
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.28 -
AVG 7.5.0.484 2007.08.28 -
BitDefender 7.2 2007.08.28 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.28 -
DrWeb 4.33 2007.08.28 -
eSafe 7.0.15.0 2007.08.28 -
eTrust-Vet 31.1.5091 2007.08.28 -
Ewido 4.0 2007.08.28 -
FileAdvisor 1 2007.08.28 -
Fortinet 2.91.0.0 2007.08.28 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.28 -
Ikarus T3.1.1.12 2007.08.28 -
Kaspersky 4.0.2.24 2007.08.28 -
McAfee 5107 2007.08.28 -
Microsoft 1.2803 2007.08.28 -
NOD32v2 2489 2007.08.28 -
Norman 5.80.02 2007.08.28 -
Panda 9.0.0.4 2007.08.28 -
Prevx1 V2 2007.08.28 -
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.28 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.28 -
TheHacker 6.1.9.175 2007.08.28 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.28 -
Webwasher-Gateway 6.0.1 2007.08.28 Trojan.Hemus.1
Additional information
File size: 20288 bytes
MD5: b27b8f505a24eb09f1b315f59ed80ba8
SHA1: 7eb2567f936825f507f6a423b1e6eca10dbdcb3b
Old 08-28-2007, 01:29 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

Nasties....

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\tuvuutt.dll (file missing)
O2 - BHO: (no name) - {A5C02540-9E05-40D1-8EE7-DB5A64BC43F0} - C:\WINDOWS\system32\vtstq.dll (file missing)
O4 - HKEY_LOCAL_MACHINE\..\Run: [Uninstall_CToolbar] "C:\WINDOWS\Temp\CTun.exe" "/remove"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)


Close HijackThis now.

---------------------------------------------------------------------------------------------

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\Temp\CTun.exe
    C:\Windows\system32\nqtwa.bak1
    C:\Windows\system32\qtstv.ini2
    C:\VundoFix Backups
    C:\Windows\system32\phxsqgtb.exe
    C:\Windows\system32\qtstv.bak2
    C:\Windows\system32\qtstv.bak1
    C:\Windows\system32\bcyqexod.ini2
    C:\Windows\system32\hjkkj.bak1
    C:\Windows\system32\ybeeg.bak1
    C:\Windows\system32\hhhkj.bak1
    C:\Windows\system32\prutv.bak1
    C:\Windows\system32\qqtwa.bak1
    C:\Windows\system32\hgjlm.bak1
    C:\Windows\system32\ppqss.bak1
    C:\Windows\system32\bcbeg.bak1
    C:\Windows\system32\ghkmp.bak1
    C:\Windows\system32\stvwa.bak1
    C:\Windows\system32\rttss.bak1
    C:\Windows\system32\npqss.bak1
    C:\Windows\system32\xybeg.bak1
    C:\Windows\system32\ututv.bak1
    C:\Windows\system32\fhhkj.bak1
    C:\Windows\system32\yccdd.bak1
    C:\Windows\system32\qtutv.ini2
    C:\Windows\system32\qtutv.bak1
    C:\Windows\system32\aycdd.bak1
    C:\Windows\system32\yyadd.bak1
    C:\Windows\system32\dccdd.bak1
    C:\Windows\system32\cdeeg.bak1
    C:\Windows\system32\jjkkj.bak1
    C:\Windows\system32\ycbeg.bak1
    C:\Windows\system32\cbeeg.bak1
    C:\Windows\system32\vyadd.bak1
    C:\Windows\system32\qstwa.bak1
    C:\Windows\system32\nqtwa.ini2
    C:\Windows\system32\nqtwa.bak2
    C:\Windows\system32\12112335941.dll
    C:\Windows\system32\yuyiihda.dll
    C:\Windows\system32\hmaogims.dll
    C:\Windows\system32\dllh8jkd1q8.exe
    C:\Windows\system32\1655514041.dll
    C:\Windows\system32\165323141.dll
    C:\Windows\system32\1653198441.dll
    C:\Windows\system32\1651154641.dll
    C:\Windows\uni_eh44.exe
    C:\Windows\system32\uttss.bak2
    C:\Windows\system32\xvdcnolt.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the log from OTMoveIt, located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

---------------------------------------------------------------------------------------------

Run DSS once again, and post its log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-28-2007, 02:52 PM   #10 (permalink)
Registered User
 
Torres919's Avatar
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

I have deleted all except... O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)... because it says "unexpected error has occurred at procedure modback up(sItem=O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
Error #5-invalid procedure call or argument". I am going to try to delete it in safe mode. I'll post if I have a problem.
Old 08-28-2007, 03:02 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

Ignore that error message, run OTMoveIt, post a new log, please.
Old 08-28-2007, 03:15 PM   #12 (permalink)
Registered User
 
Torres919's Avatar
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

File/Folder C:\WINDOWS\Temp\CTun.exe not found.
C:\Windows\system32\nqtwa.bak1 moved successfully.
C:\Windows\system32\qtstv.ini2 moved successfully.
C:\VundoFix Backups moved successfully.
C:\Windows\system32\phxsqgtb.exe moved successfully.
C:\Windows\system32\qtstv.bak2 moved successfully.
C:\Windows\system32\qtstv.bak1 moved successfully.
C:\Windows\system32\bcyqexod.ini2 moved successfully.
C:\Windows\system32\hjkkj.bak1 moved successfully.
C:\Windows\system32\ybeeg.bak1 moved successfully.
C:\Windows\system32\hhhkj.bak1 moved successfully.
C:\Windows\system32\prutv.bak1 moved successfully.
C:\Windows\system32\qqtwa.bak1 moved successfully.
C:\Windows\system32\hgjlm.bak1 moved successfully.
C:\Windows\system32\ppqss.bak1 moved successfully.
C:\Windows\system32\bcbeg.bak1 moved successfully.
C:\Windows\system32\ghkmp.bak1 moved successfully.
C:\Windows\system32\stvwa.bak1 moved successfully.
C:\Windows\system32\rttss.bak1 moved successfully.
C:\Windows\system32\npqss.bak1 moved successfully.
C:\Windows\system32\xybeg.bak1 moved successfully.
C:\Windows\system32\ututv.bak1 moved successfully.
C:\Windows\system32\fhhkj.bak1 moved successfully.
C:\Windows\system32\yccdd.bak1 moved successfully.
C:\Windows\system32\qtutv.ini2 moved successfully.
C:\Windows\system32\qtutv.bak1 moved successfully.
C:\Windows\system32\aycdd.bak1 moved successfully.
C:\Windows\system32\yyadd.bak1 moved successfully.
C:\Windows\system32\dccdd.bak1 moved successfully.
C:\Windows\system32\cdeeg.bak1 moved successfully.
C:\Windows\system32\jjkkj.bak1 moved successfully.
C:\Windows\system32\ycbeg.bak1 moved successfully.
C:\Windows\system32\cbeeg.bak1 moved successfully.
C:\Windows\system32\vyadd.bak1 moved successfully.
C:\Windows\system32\qstwa.bak1 moved successfully.
C:\Windows\system32\nqtwa.ini2 moved successfully.
C:\Windows\system32\nqtwa.bak2 moved successfully.
LoadLibrary failed for C:\Windows\system32\12112335941.dll
C:\Windows\system32\12112335941.dll NOT unregistered.
C:\Windows\system32\12112335941.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\yuyiihda.dll
C:\Windows\system32\yuyiihda.dll NOT unregistered.
C:\Windows\system32\yuyiihda.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\hmaogims.dll
C:\Windows\system32\hmaogims.dll NOT unregistered.
C:\Windows\system32\hmaogims.dll moved successfully.
C:\Windows\system32\dllh8jkd1q8.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\1655514041.dll
C:\Windows\system32\1655514041.dll NOT unregistered.
File move failed. C:\Windows\system32\1655514041.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\system32\165323141.dll
C:\Windows\system32\165323141.dll NOT unregistered.
File move failed. C:\Windows\system32\165323141.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\system32\1653198441.dll
C:\Windows\system32\1653198441.dll NOT unregistered.
File move failed. C:\Windows\system32\1653198441.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Windows\system32\1651154641.dll
C:\Windows\system32\1651154641.dll NOT unregistered.
File move failed. C:\Windows\system32\1651154641.dll scheduled to be moved on reboot.
File move failed. C:\Windows\uni_eh44.exe scheduled to be moved on reboot.
C:\Windows\system32\uttss.bak2 moved successfully.
C:\Windows\system32\xvdcnolt.dll unregistered successfully.
C:\Windows\system32\xvdcnolt.dll moved successfully.

Created on 08/28/2007 1759



Deckard's System Scanner v20070826.66
Run by CaSP3R on 2007-08-28 17:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis (run as CaSP3R.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-28 17:14:02
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\wuauclt.exe
C:\Users\CaSP3R\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKEY_LOCAL_MACHINE\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchProtection] C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\System32\libusbd-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe



-- Files created between 2007-07-28 and 2007-08-28 -----------------------------

2007-12-19 14:43:05 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-19 11:43:57 0 d-------- C:\Program Files\iTunes
2007-12-19 11:42:11 0 d-------- C:\Program Files\QuickTime
2007-12-19 11:40:26 0 d-------- C:\Users\All Users\Apple
2007-12-19 11:40:26 0 d-------- C:\Program Files\Common Files\Apple
2007-12-19 11:16:00 0 d-------- C:\Program Files\Microsoft.NET
2007-12-19 11:13:06 0 d-------- C:\Users\All Users\Microsoft Help
2007-12-19 11:12:26 0 dr-h----- C:\MSOCache
2007-08-24 16:05:05 0 d-------- C:\Program Files\SystemRequirementsLab
2007-08-23 18:27:16 0 d-------- C:\Program Files\DOOM 3
2007-08-23 08:29:45 0 d-------- C:\Program Files\SEGA
2007-08-20 17:26:32 18944 --a------ C:\Windows\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-20 17:26:32 19456 --a------ C:\Windows\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-20 17:26:31 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2007-08-20 17:10:25 0 d-------- C:\Users\All Users\Microsoft Games
2007-08-19 15:10:41 163840 --a------ C:\Windows\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2007-08-19 15:10:41 106496 --a------ C:\Windows\system32\BrMuSNMP.dll
2007-08-19 15:10:41 61440 --a------ C:\Windows\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2007-08-19 15:10:41 0 d-------- C:\Program Files\Brother
2007-08-19 13:07:22 46592 --a------ C:\Windows\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-19 13:07:22 33792 --a------ C:\Windows\system32\drivers\libusb0.sys
2007-08-19 10:07:18 0 d--h----- C:\Windows\msdownld.tmp
2007-08-19 10:07:14 0 d-------- C:\Windows\system32\directx
2007-08-17 21:40:02 0 d-------- C:\Users\All Users\Xfire
2007-08-17 16:28:28 0 d-------- C:\Users\All Users\NVIDIA
2007-08-17 1318 0 d-------- C:\Windows\Panther
2007-08-17 13:04:30 0 d-------- C:\Windows\system32\OEM
2007-08-17 13:04:29 36 -ra------ C:\Windows\DELL_VERSION
2007-08-17 12:55:58 0 d-------- C:\$WINDOWS.~Q
2007-08-17 12:32:24 0 dr------- C:\Users\CaSP3R\Searches
2007-08-17 12:31:58 0 dr------- C:\Users\CaSP3R\Contacts
2007-08-17 12:27:30 171136 -rahs---- C:\grldr
2007-08-17 09:54:40 33524 --a------ C:\Windows\system32\emptyregdb.dat
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Templates
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Start Menu
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\SendTo
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Recent
2007-08-17 09:15:41 0 d--h----- C:\Users\CaSP3R\PrintHood
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\NetHood
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\My Documents
2007-08-17 09:15:41 0 d--h----- C:\Users\CaSP3R\Local Settings
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Cookies
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Application Data
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Videos
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Saved Games
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Pictures
2007-08-17 09:15:40 3670016 --ahs---- C:\Users\CaSP3R\NTUSER.DAT
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Links
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Favorites
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Downloads
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Documents
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Desktop
2007-08-17 09:15:40 0 d--h----- C:\Users\CaSP3R\AppData
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Videos
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Templates
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Start Menu
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\SendTo
2007-08-17 09:15:39 0 d-------- C:\Users\Administrator\Saved Games
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Recent
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\PrintHood
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Pictures
2007-08-17 09:15:39 524288 --ahs---- C:\Users\Administrator\NTUSER.DAT
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\NetHood
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\My Documents
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Music
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\Local Settings
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Links
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Favorites
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Downloads
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Documents
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Desktop
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Cookies
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Application Data
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\AppData
2007-08-17 09:13:40 0 d-------- C:\Windows\system32\URTTEMP
2007-08-17 09:13:26 0 d--hs---- C:\Windows\Installer
2007-08-17 09:10:46 0 d-------- C:\Windows\Debug
2007-08-17 09:07:30 0 d-------- C:\Windows\Prefetch
2007-08-17 08:48:00 0 d--hs---- C:\Boot
2007-08-12 18:22:50 0 d-------- C:\Program Files\Avanquest update
2007-08-12 18:21:10 0 d-------- C:\Program Files\Motorola Phone Tools
2007-08-09 13:31:52 0 d-------- C:\Program Files\Alcohol Soft
2007-08-06 20:28:49 0 d-------- C:\searchplugins
2007-08-06 20:27:56 0 d-------- C:\Program Files\Spyware Terminator
2007-08-03 12:24:07 0 d-------- C:\Windows\SxsCaPendDel
2007-08-03 11:52:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-03 11:52:05 0 d-------- C:\Program Files\Common Files\iS3
2007-08-03 11:25:24 0 d-------- C:\Program Files\Enigma Software Group
2007-07-30 09:10:58 0 d-------- C:\Windows\nview
2007-07-30 09:09:51 0 d-------- C:\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2007-08-28 12:48:45 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Xfire
2007-08-28 11:03:28 0 d-------- C:\Program Files\Xfire
2007-08-27 20:20:08 0 d-------- C:\Program Files\WarRock
2007-08-27 17:43:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 08:32:57 0 d-------- C:\Users\CaSP3R\AppData\Roaming\uTorrent
2007-08-22 11:08:57 0 d-------- C:\Program Files\LimeWire
2007-08-22 11:08:15 0 d-------- C:\Program Files\Java
2007-08-21 08:45:18 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Microsoft Game Studios
2007-08-21 08:45:18 0 d-------- C:\Program Files\Microsoft Games
2007-08-19 15:13:45 50 --a------ C:\Windows\system32\bridf06a.dat
2007-08-18 1433 0 d-------- C:\Program Files\Common Files
2007-08-18 11:53:31 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Ventrilo
2007-08-18 09:17:31 0 d-------- C:\Program Files\Windows Mail
2007-08-18 09:17:28 0 d-------- C:\Program Files\Windows Defender
2007-08-17 12:59:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-17 09:42:02 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Viewpoint
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\U3
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sunbelt Software
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sun
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sonic
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Smilebox
2007-08-17 09:42:00 0 dr-h----- C:\Users\CaSP3R\AppData\Roaming\SecuROM
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\ScanSoft
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Research In Motion
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\RegistrySmart
2007-08-17 09:41:59 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Real
2007-08-17 09:41:13 0 d-------- C:\Users\CaSP3R\AppData\Roaming\NCH Swift Sound
2007-08-17 09:41:12 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Mozilla
2007-08-17 09:41:10 0 d-------- C:\Users\CaSP3R\AppData\Roaming\McAfee.com Personal Firewall
2007-08-17 09:41:10 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Macromedia
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Leadertech
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Lavasoft
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\InstallShield
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Identities
2007-08-17 09:41:07 0 d--h----- C:\Users\CaSP3R\AppData\Roaming\Gtek
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Google
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\dvdcss
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\DivX
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Blackberry Desktop
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Azureus
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Audacity
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Apple Computer
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Ahead
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\AdobeUM
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Adobe
2007-08-17 09:41:05 0 d-------- C:\Users\CaSP3R\AppData\Roaming\acccore
2007-08-17 09:31:58 0 d-------- C:\Program Files\Yahoo!
2007-08-17 09:31:55 0 d-------- C:\Program Files\Windows Plus
2007-08-17 09:31:54 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-17 09:31:54 0 d-------- C:\Program Files\WinAVI Video Converter
2007-08-17 09:29:08 0 d-------- C:\Program Files\uTorrent
2007-08-17 09:29:07 0 d-------- C:\Program Files\Symantec
2007-08-17 09:29:07 0 d-------- C:\Program Files\Sonic
2007-08-17 09:29:07 0 d-------- C:\Program Files\Sigmatel
2007-08-17 09:29:07 0 d-------- C:\Program Files\Search Settings Protection
2007-08-17 09:29:02 0 d-------- C:\Program Files\ScanSoft
2007-08-17 09:29:02 0 d-------- C:\Program Files\Roxio
2007-08-17 09:29:02 0 d-------- C:\Program Files\Ringtone Ripper
2007-08-17 09:29:02 0 d-------- C:\Program Files\RGB
2007-08-17 09:29:00 0 d-------- C:\Program Files\Research In Motion
2007-08-17 09:29:00 0 d-------- C:\Program Files\RegistrySmart
2007-08-17 09:28:55 0 d-------- C:\Program Files\Real
2007-08-17 09:28:45 0 d-------- C:\Program Files\Norton AntiVirus
2007-08-17 09:28:44 0 d-------- C:\Program Files\NetWaiting
2007-08-17 09:28:44 0 d-------- C:\Program Files\NCH Swift Sound
2007-08-17 09:28:44 0 d-------- C:\Program Files\MUSICMATCH
2007-08-17 09:28:43 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-17 09:28:43 0 d-------- C:\Program Files\MpegDecoder012
2007-08-17 09:28:43 0 d-------- C:\Program Files\MP3 Player Utilities 3.68
2007-08-17 09:28:33 0 d-------- C:\Program Files\Motorola
2007-08-17 09:28:33 0 d-------- C:\Program Files\Motorola Inc
2007-08-17 09:28:32 0 d-------- C:\Program Files\Modem Helper
2007-08-17 09:28:31 0 d-------- C:\Program Files\Microsoft Works
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-08-17 09:27:45 0 d-------- C:\Program Files\microsoft frontpage
2007-08-17 09:27:44 0 d-------- C:\Program Files\McAfee
2007-08-17 09:27:44 0 d-------- C:\Program Files\LexmarkX63
2007-08-17 09:27:44 0 d-------- C:\Program Files\Learn2.com
2007-08-17 09:27:35 0 d-------- C:\Program Files\IrfanView
2007-08-17 09:27:35 0 d-------- C:\Program Files\iPod
2007-08-17 09:27:28 0 d-------- C:\Program Files\InterActual
2007-08-17 09:27:27 0 d-------- C:\Program Files\Intel
2007-08-17 09:27:24 0 d-------- C:\Program Files\GPL MPEG Decoder
2007-08-17 09:27:24 0 d-------- C:\Program Files\Google
2007-08-17 09:27:24 0 d-------- C:\Program Files\GameSpy Arcade
2007-08-17 09:27:20 0 d-------- C:\Program Files\EnglishOtto
2007-08-17 09:27:18 0 d-------- C:\Program Files\DivX
2007-08-17 09:27:17 0 d-------- C:\Program Files\Digital Line Detect
2007-08-17 09:27:17 0 d-------- C:\Program Files\Dell Support
2007-08-17 09:27:14 0 d-------- C:\Program Files\Dell
2007-08-17 09:27:08 0 d-------- C:\Program Files\CONEXANT
2007-08-17 09:27:08 0 d-------- C:\Program Files\Common Files\xing shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-08-17 09:26:58 0 d-------- C:\Program Files\Common Files\Real
2007-08-17 09:26:57 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-17 09:26:57 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-08-17 09:26:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-17 09:26:56 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-08-17 09:26:49 0 d-------- C:\Program Files\Common Files\Java
2007-08-17 09:26:49 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-17 09:26:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-17 09:26:34 0 d-------- C:\Program Files\Common Files\AOL
2007-08-17 09:26:33 0 d-------- C:\Program Files\Common Files\Ahead
2007-08-17 09:26:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-17 09:26:23 0 d-------- C:\Program Files\BAE
2007-08-17 09:26:23 0 d-------- C:\Program Files\Audacity
2007-08-17 09:26:22 0 d-------- C:\Program Files\Apple Software Update
2007-08-17 09:26:21 0 d-------- C:\Program Files\AoA DVD Copy
2007-08-17 09:26:06 0 d-------- C:\Program Files\AIM6
2007-07-26 08:27:58 3325570 --a------ C:\Windows\system32\SBSP.dat
2007-07-26 08:27:58 11804 --a------ C:\Windows\system32\SBFC.dat
2007-07-26 08:27:34 194 --a------ C:\Windows\system32\SBRC.dat
2007-07-24 14:21:18 0 --a------ C:\Windows\system32\Biport
2007-07-23 12:43:23 11254 --a------ C:\Windows\system32\locate.com
2007-07-17 12:05:55 20288 --a------ C:\Windows\system32\1655514041.dll
2007-07-17 12:05:32 20288 --a------ C:\Windows\system32\165323141.dll
2007-07-17 12:05:32 20288 --a------ C:\Windows\system32\1653198441.dll
2007-07-17 12:05:11 20288 --a------ C:\Windows\system32\1651154641.dll
2007-07-16 21:44:05 3424 --a------ C:\Windows\mozver.dat
2007-07-16 17:19:49 0 d-------- C:\Users\CaSP3R\AppData\Roaming\WinRAR
2007-07-12 20:44:43 1024 --a------ C:\Users\CaSP3R\AppData\Roaming\WavCodec.wff
2007-07-02 15:41:13 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-02 15:37:41 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-02 15:37:41 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-02 15:37:35 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-02 15:37:35 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:37:35 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:37:35 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:36:50 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-06-29 00:43:00 1626112 --a------ C:\Windows\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\Windows\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\Windows\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\Windows\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\Windows\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\Windows\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\Windows\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\Windows\system32\keystone.exe
2007-06-25 09:54:32 53248 --a------ C:\Windows\uni_eh44.exe <Not Verified; ; uni_eh44.exe>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [11/24/2006 08:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [07/19/2006 02:51 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 08:15 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 02:45 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 10:18 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 02:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 07:24 AM]
"SearchProtection"="C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe" [01/28/2007 10:47 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [09/25/2006 02:00 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/16/2007 09:43 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"SigmatelSysTrayApp"="stsystra.exe" [07/24/2006 11:20 AM C:\Windows\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/06/2007 01:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/06/2007 01:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/06/2007 01:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 05:45 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{442b3107-7025-11db-924a-806d6172696f}]
AutoRun\command- D:\Setup\rsrc\Autorun.exe
dinstall\command- D:\Directx\dxsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-28 17:15:13 ------------
Old 08-28-2007, 03:20 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

<edit> Did the System Reboot before you ran DSS?</edit>

These files seem to have escaped OTMoveIt...please see if by booting into safe mode you can delete them:

C:\Windows\system32\1655514041.dll
C:\Windows\system32\165323141.dll
C:\Windows\system32\1653198441.dll
C:\Windows\system32\1651154641.dll
C:\Windows\uni_eh44.exe
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009

Last edited by tetonbob; 08-28-2007 at 03:22 PM.
Old 08-28-2007, 03:44 PM   #14 (permalink)
Registered User
 
Torres919's Avatar
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

ok i did it now what
Old 08-28-2007, 03:52 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

Ok, you're in normal mode now...and those files have been found and deleted, and the system has gone through a reboot since we ran OTMoveIt, correct?
Old 08-28-2007, 03:54 PM   #16 (permalink)
Registered User
 
Torres919's Avatar
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

yep
Old 08-28-2007, 03:56 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

Ok, great....this to confirm

Please run Deckard's System Scanner once again, this time using these instructions (this assumes DSS is on your desktop):

Press the WindowsKey + R - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
Make sure only "Files Created/Modified" is checked.

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.
Old 08-28-2007, 04:00 PM   #18 (permalink)
Registered User
 
Torres919's Avatar
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

Deckard's System Scanner v20070826.66
Run by CaSP3R on 2007-08-28 17:59:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- Files created between 2007-07-28 and 2007-08-28 -----------------------------

2007-12-19 14:43:05 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-19 11:43:57 0 d-------- C:\Program Files\iTunes
2007-12-19 11:42:11 0 d-------- C:\Program Files\QuickTime
2007-12-19 11:40:26 0 d-------- C:\Users\All Users\Apple
2007-12-19 11:40:26 0 d-------- C:\Program Files\Common Files\Apple
2007-12-19 11:26:54 208248 --a------ C:\Windows\system32\muweb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 11:26:54 271224 --a------ C:\Windows\system32\mucltui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-19 11:16:44 0 d-------- C:\Program Files\Common Files\DESIGNER
2007-12-19 11:16:00 0 d-------- C:\Program Files\Microsoft.NET
2007-12-19 11:13:06 0 d-------- C:\Users\All Users\Microsoft Help
2007-12-19 11:12:26 0 dr-h----- C:\MSOCache
2007-08-28 17:52:02 1071689728 --ahs---- C:\hiberfil.sys
2007-08-28 1734 0 d-------- C:\_OTMoveIt
2007-08-28 10:40:34 0 d-------- C:\Windows\ERDNT
2007-08-28 10:39:38 0 d-------- C:\Deckard
2007-08-24 16:53:20 307200 --a------ C:\Windows\system32\nvexpbar.dll <Not Verified; NVIDIA Corporation; NVIDIA Control Panel>
2007-08-24 16:53:20 753664 --a------ C:\Windows\system32\nvcplui.exe <Not Verified; NVIDIA Corporation; NVIDIA Control Panel>
2007-08-24 16:41:40 356352 --a------ C:\Windows\system32\NVUNINST.EXE <Not Verified; NVIDIA Corporation; NVIDIA Corporation>
2007-08-24 16:05:05 0 d-------- C:\Program Files\SystemRequirementsLab
2007-08-23 18:27:16 0 d-------- C:\Program Files\DOOM 3
2007-08-23 08:29:45 0 d-------- C:\Program Files\SEGA
2007-08-22 11:08:17 139264 --a------ C:\Windows\system32\javaws.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U2>
2007-08-22 11:08:17 135168 --a------ C:\Windows\system32\javaw.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U2>
2007-08-22 11:08:17 135168 --a------ C:\Windows\system32\java.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U2>
2007-08-22 09:52:43 43352 --a------ C:\Windows\system32\wups2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:52:43 1524224 --a------ C:\Windows\system32\wucltux.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:52:43 1712984 --a------ C:\Windows\system32\wuaueng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:52:43 53080 --a------ C:\Windows\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:52:01 80896 --a------ C:\Windows\system32\wudriver.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:52:00 33624 --a------ C:\Windows\system32\wups.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:52:00 549720 --a------ C:\Windows\system32\wuapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:51:36 163000 --a------ C:\Windows\system32\wuwebv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-22 09:51:36 31232 --a------ C:\Windows\system32\wuapp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-20 17:26:32 18944 --a------ C:\Windows\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-20 17:26:32 19456 --a------ C:\Windows\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-20 17:26:31 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2007-08-20 17:10:25 0 d-------- C:\Users\All Users\Microsoft Games
2007-08-19 15:10:43 1519616 --a------ C:\Windows\system32\BrWia06c.dll <Not Verified; Brother Industries, Ltd.; Brother Industries, Ltd.>
2007-08-19 15:10:43 39424 --a------ C:\Windows\system32\BrUsi06c.dll <Not Verified; Brother Industries, Ltd.; Brother STI minidriver>
2007-08-19 15:10:41 163840 --a------ C:\Windows\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2007-08-19 15:10:41 106496 --a------ C:\Windows\system32\BrMuSNMP.dll
2007-08-19 15:10:41 61440 --a------ C:\Windows\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2007-08-19 15:10:41 0 d-------- C:\Program Files\Brother
2007-08-19 13:07:22 46592 --a------ C:\Windows\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-08-19 13:07:22 33792 --a------ C:\Windows\system32\drivers\libusb0.sys
2007-08-19 10:09:27 267112 --a------ C:\Windows\system32\xactengine2_9.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:26 444776 --a------ C:\Windows\system32\d3dx10_35.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:26 1358192 --a------ C:\Windows\system32\D3DCompiler_35.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:24 3727720 --a------ C:\Windows\system32\d3dx9_35.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:23 266088 --a------ C:\Windows\system32\xactengine2_8.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:23 18280 --a------ C:\Windows\system32\x3daudio1_2.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:22 443752 --a------ C:\Windows\system32\d3dx10_34.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:22 1124720 --a------ C:\Windows\system32\D3DCompiler_34.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:20 3497832 --a------ C:\Windows\system32\d3dx9_34.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:19 261480 --a------ C:\Windows\system32\xactengine2_7.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:18 255848 --a------ C:\Windows\system32\xactengine2_6.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:17 251672 --a------ C:\Windows\system32\xactengine2_5.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:16 440080 --a------ C:\Windows\system32\d3dx10.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:15 3426072 --a------ C:\Windows\system32\d3dx9_32.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:14 237848 --a------ C:\Windows\system32\xactengine2_4.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:14 15128 --a------ C:\Windows\system32\x3daudio1_1.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:13 62744 --a------ C:\Windows\system32\xinput1_2.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:13 236824 --a------ C:\Windows\system32\xactengine2_3.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:12 230168 --a------ C:\Windows\system32\xactengine2_2.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:11 62672 --a------ C:\Windows\system32\xinput1_1.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:10 229584 --a------ C:\Windows\system32\xactengine2_1.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:00 230096 --a------ C:\Windows\system32\xactengine2_0.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:09:00 14032 --a------ C:\Windows\system32\x3daudio1_0.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:08:58 2332368 --a------ C:\Windows\system32\d3dx9_29.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:08:56 2319568 --a------ C:\Windows\system32\d3dx9_27.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:08:50 2297552 --a------ C:\Windows\system32\d3dx9_26.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:08:48 2222800 --a------ C:\Windows\system32\d3dx9_24.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-19 10:07:18 0 d--h----- C:\Windows\msdownld.tmp
2007-08-19 10:07:14 0 d-------- C:\Windows\system32\directx
2007-08-18 12:45:51 1244672 --a------ C:\Windows\system32\mcmde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:29:52 84480 --a------ C:\Windows\system32\INETRES.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:29:52 737792 --a------ C:\Windows\system32\inetcomm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:29:51 87040 --a------ C:\Windows\system32\msoert2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:29:51 205824 --a------ C:\Windows\system32\msoeacct.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:29:51 39424 --a------ C:\Windows\system32\ACCTRES.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:29:00 49664 --a------ C:\Windows\system32\csrsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:28:59 376320 --a------ C:\Windows\system32\winsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:27:48 55296 --a------ C:\Windows\system32\drivers\USBSTOR.SYS <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:27:28 374456 --a------ C:\Windows\system32\mcupdate_GenuineIntel.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:27:08 414208 --a------ C:\Windows\system32\msscp.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2007-08-17 23:26:44 392192 --a------ C:\Windows\system32\FirewallAPI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:43 16896 --a------ C:\Windows\system32\wfapigp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:43 396800 --a------ C:\Windows\system32\MPSSVC.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:43 86016 --a------ C:\Windows\system32\icfupgd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:43 63488 --a------ C:\Windows\system32\drivers\mpsdrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:42 178688 --a------ C:\Windows\system32\iphlpsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:42 23040 --a------ C:\Windows\system32\drivers\tunnel.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:42 15360 --a------ C:\Windows\system32\drivers\TUNMP.SYS <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:42 61952 --a------ C:\Windows\system32\cmifw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:18 8147968 --a------ C:\Windows\system32\wmploc.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:17 10617344 --a------ C:\Windows\system32\wmp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:17 7680 --a------ C:\Windows\system32\spwmp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:26:16 4096 --a------ C:\Windows\system32\dxmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:25:58 104448 --a------ C:\Windows\system32\DWWIN.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:25:41 2048 --a------ C:\Windows\system32\msxml3r.dll <Not Verified; Microsoft Corporation; Microsoft Data Access Components>
2007-08-17 23:25:41 1191936 --a------ C:\Windows\system32\msxml3.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 3.0 SP9>
2007-08-17 23:25:18 4247552 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll <Not Verified; Microsoft; Legacy GDF resource DLL>
2007-08-17 23:25:18 1686528 --a------ C:\Windows\system32\gameux.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:23:31 2048 --a------ C:\Windows\system32\tzres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:46 223232 --a------ C:\Windows\system32\SLC.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:46 268288 --a------ C:\Windows\system32\mcbuilder.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:45 33280 --a------ C:\Windows\system32\slwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:44 57856 --a------ C:\Windows\system32\SLUINotify.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:44 351232 --a------ C:\Windows\system32\SLUI.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:44 186368 --a------ C:\Windows\system32\SLLUA.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:44 566784 --a------ C:\Windows\system32\SLCommDlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:43 2605568 --a------ C:\Windows\system32\SLsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:43 39936 --a------ C:\Windows\system32\slcinst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:22:20 2048 --a------ C:\Windows\system32\msxml6r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 6.0>
2007-08-17 23:22:20 1335296 --a------ C:\Windows\system32\msxml6.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 6.0 SP1>
2007-08-17 23:21:14 3583488 --a------ C:\Windows\system32\mshtml.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:13 477696 --a------ C:\Windows\system32\mshtmled.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:12 180736 --a------ C:\Windows\system32\ieui.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:11 6058496 --a------ C:\Windows\system32\ieframe.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:10 1152000 --a------ C:\Windows\system32\urlmon.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:09 823808 --a------ C:\Windows\system32\wininet.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:09 27648 --a------ C:\Windows\system32\jsproxy.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:09 124928 --a------ C:\Windows\system32\advpack.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:08 56320 --a------ C:\Windows\system32\iesetup.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:08 44544 --a------ C:\Windows\system32\iernonce.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:08 63488 --a------ C:\Windows\system32\ie4uinit.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:07 26624 --a------ C:\Windows\system32\ieUnatt.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:05 671232 --a------ C:\Windows\system32\mstime.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:05 2455488 --a------ C:\Windows\system32\ieapfltr.dat <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:21:04 383488 --a------ C:\Windows\system32\ieapfltr.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-08-17 23:20:33 5120 --a------ C:\Windows\system32\wmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:20:33 12800 --a------ C:\Windows\system32\drivers\fs_rec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:20:32 152576 --a------ C:\Windows\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:20:13 2026496 --a------ C:\Windows\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 23:20:11 633856 --a------ C:\Windows\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 21:40:02 0 d-------- C:\Users\All Users\Xfire
2007-08-17 16:28:28 0 d-------- C:\Users\All Users\NVIDIA
2007-08-17 13:56:42 53760 --a------ C:\Windows\system32\drivers\hdaudbus.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 13:56:04 974336 --a------ C:\Windows\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-17 1318 0 d-------- C:\Windows\Panther
2007-08-17 13:05:47 246784 -----n--- C:\Windows\system32\drivers\iaStor.sys <Not Verified; Intel Corporation; Intel Matrix Storage Manager driver>
2007-08-17 13:05:37 112128 --a------ C:\Windows\system32\staco.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-08-17 13:05:37 208896 --a------ C:\Windows\system32\stacapi.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-08-17 13:05:37 1156648 --a------ C:\Windows\system32\drivers\sthda.sys <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-08-17 13:05:23 862 --a------ C:\Windows\system32\termcap
2007-08-17 13:04:30 0 d-------- C:\Windows\system32\OEM
2007-08-17 13:04:29 36 -ra------ C:\Windows\DELL_VERSION
2007-08-17 12:55:58 0 d-------- C:\$WINDOWS.~Q
2007-08-17 12:32:24 0 dr------- C:\Users\CaSP3R\Searches
2007-08-17 12:31:58 0 dr------- C:\Users\CaSP3R\Contacts
2007-08-17 12:27:30 171136 -rahs---- C:\grldr
2007-08-17 09:54:40 33524 --a------ C:\Windows\system32\emptyregdb.dat
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Templates
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Start Menu
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\SendTo
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Recent
2007-08-17 09:15:41 0 d--h----- C:\Users\CaSP3R\PrintHood
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\NetHood
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\My Documents
2007-08-17 09:15:41 0 d--h----- C:\Users\CaSP3R\Local Settings
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Cookies
2007-08-17 09:15:41 0 d--hs---- C:\Users\CaSP3R\Application Data
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Videos
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Saved Games
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Pictures
2007-08-17 09:15:40 3670016 --ahs---- C:\Users\CaSP3R\NTUSER.DAT
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Links
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Favorites
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Downloads
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Documents
2007-08-17 09:15:40 0 dr------- C:\Users\CaSP3R\Desktop
2007-08-17 09:15:40 0 d--h----- C:\Users\CaSP3R\AppData
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Videos
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Templates
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Start Menu
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\SendTo
2007-08-17 09:15:39 0 d-------- C:\Users\Administrator\Saved Games
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Recent
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\PrintHood
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Pictures
2007-08-17 09:15:39 524288 --ahs---- C:\Users\Administrator\NTUSER.DAT
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\NetHood
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\My Documents
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Music
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\Local Settings
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Links
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Favorites
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Downloads
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Documents
2007-08-17 09:15:39 0 dr------- C:\Users\Administrator\Desktop
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Cookies
2007-08-17 09:15:39 0 d--hs---- C:\Users\Administrator\Application Data
2007-08-17 09:15:39 0 d--h----- C:\Users\Administrator\AppData
2007-08-17 09:13:40 0 d-------- C:\Windows\system32\URTTEMP
2007-08-17 09:13:26 0 d--hs---- C:\Windows\Installer
2007-08-17 09:10:46 0 d-------- C:\Windows\Debug
2007-08-17 09:07:30 0 d-------- C:\Windows\Prefetch
2007-08-17 08:48:01 438840 -rahs---- C:\bootmgr
2007-08-17 08:48:00 0 d--hs---- C:\Boot
2007-08-12 18:22:50 0 d-------- C:\Program Files\Avanquest update
2007-08-12 18:21:10 0 d-------- C:\Program Files\Motorola Phone Tools
2007-08-09 13:31:52 0 d-------- C:\Program Files\Alcohol Soft
2007-08-09 12:57:06 2337488 --a------ C:\Windows\system32\d3dx9_25.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-08-06 20:28:49 0 d-------- C:\searchplugins
2007-08-06 20:27:56 0 d-------- C:\Program Files\Spyware Terminator
2007-08-05 22:15:28 0 d-------- C:\Program Files\WinRAR
2007-08-03 12:24:07 0 d-------- C:\Windows\SxsCaPendDel
2007-08-03 11:52:05 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-03 11:52:05 0 d-------- C:\Program Files\Common Files\iS3
2007-08-03 11:25:24 0 d-------- C:\Program Files\Enigma Software Group
2007-07-30 09:10:58 0 d-------- C:\Windows\nview
2007-07-30 09:09:51 0 d-------- C:\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2007-08-28 17:57:21 626738 --a------ C:\Windows\system32\perfh009.dat
2007-08-28 17:57:21 107508 --a------ C:\Windows\system32\perfc009.dat
2007-08-28 17:52:13 67584 --a-s---- C:\Windows\bootstat.dat
2007-08-28 17:52:00 1610612736 --ahs---- C:\pagefile.sys
2007-08-28 15:28:14 103736 --a------ C:\Windows\system32\PnkBstrB.exe
2007-08-28 12:48:45 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Xfire
2007-08-28 11:03:28 0 d-------- C:\Program Files\Xfire
2007-08-27 20:20:08 0 d-------- C:\Program Files\WarRock
2007-08-27 17:43:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 09:44:08 0 d---s---- C:\Users\CaSP3R\AppData\Roaming\Microsoft
2007-08-24 08:32:57 0 d-------- C:\Users\CaSP3R\AppData\Roaming\uTorrent
2007-08-22 11:08:57 0 d-------- C:\Program Files\LimeWire
2007-08-22 11:08:15 0 d-------- C:\Program Files\Java
2007-08-21 08:45:18 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Microsoft Game Studios
2007-08-21 08:45:18 0 d-------- C:\Program Files\Microsoft Games
2007-08-20 17:10:36 0 d-------- C:\Program Files\Common Files\microsoft shared
2007-08-19 15:13:45 50 --a------ C:\Windows\system32\bridf06a.dat
2007-08-18 1433 0 d-------- C:\Program Files\Common Files
2007-08-18 11:53:31 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Ventrilo
2007-08-18 09:18:29 396784 --a------ C:\Windows\system32\FNTCACHE.DAT
2007-08-18 09:17:31 0 d-------- C:\Program Files\Windows Mail
2007-08-18 09:17:31 0 d-------- C:\Program Files\Common Files\System
2007-08-18 09:17:28 0 d-------- C:\Program Files\Windows Defender
2007-08-18 09:17:25 0 d-------- C:\Program Files\Windows Media Player
2007-08-18 09:17:18 0 d-------- C:\Program Files\Internet Explorer
2007-08-17 12:59:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-17 09:42:02 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Viewpoint
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\U3
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sunbelt Software
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sun
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Sonic
2007-08-17 09:42:01 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Smilebox
2007-08-17 09:42:00 0 dr-h----- C:\Users\CaSP3R\AppData\Roaming\SecuROM
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\ScanSoft
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Research In Motion
2007-08-17 09:42:00 0 d-------- C:\Users\CaSP3R\AppData\Roaming\RegistrySmart
2007-08-17 09:41:59 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Real
2007-08-17 09:41:13 0 d-------- C:\Users\CaSP3R\AppData\Roaming\NCH Swift Sound
2007-08-17 09:41:12 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Mozilla
2007-08-17 09:41:10 0 d-------- C:\Users\CaSP3R\AppData\Roaming\McAfee.com Personal Firewall
2007-08-17 09:41:10 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Macromedia
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Leadertech
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Lavasoft
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\InstallShield
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Identities
2007-08-17 09:41:07 0 d--h----- C:\Users\CaSP3R\AppData\Roaming\Gtek
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Google
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\dvdcss
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\DivX
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Blackberry Desktop
2007-08-17 09:41:07 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Azureus
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Audacity
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Apple Computer
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Ahead
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\AdobeUM
2007-08-17 09:41:06 0 d-------- C:\Users\CaSP3R\AppData\Roaming\Adobe
2007-08-17 09:41:05 0 d-------- C:\Users\CaSP3R\AppData\Roaming\acccore
2007-08-17 09:31:58 0 d-------- C:\Program Files\Yahoo!
2007-08-17 09:31:56 0 d-------- C:\Program Files\xerox
2007-08-17 09:31:55 0 d-------- C:\Program Files\Windows Plus
2007-08-17 09:31:54 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-17 09:31:54 0 d-------- C:\Program Files\WinAVI Video Converter
2007-08-17 09:29:08 0 d-------- C:\Program Files\uTorrent
2007-08-17 09:29:07 0 d-------- C:\Program Files\Symantec
2007-08-17 09:29:07 0 d-------- C:\Program Files\Sonic
2007-08-17 09:29:07 0 d-------- C:\Program Files\Sigmatel
2007-08-17 09:29:07 0 d-------- C:\Program Files\Search Settings Protection
2007-08-17 09:29:02 0 d-------- C:\Program Files\ScanSoft
2007-08-17 09:29:02 0 d-------- C:\Program Files\Roxio
2007-08-17 09:29:02 0 d-------- C:\Program Files\Ringtone Ripper
2007-08-17 09:29:02 0 d-------- C:\Program Files\RGB
2007-08-17 09:29:00 0 d-------- C:\Program Files\Research In Motion
2007-08-17 09:29:00 0 d-------- C:\Program Files\RegistrySmart
2007-08-17 09:28:55 0 d-------- C:\Program Files\Real
2007-08-17 09:28:45 0 d-------- C:\Program Files\Norton AntiVirus
2007-08-17 09:28:44 0 d-------- C:\Program Files\NetWaiting
2007-08-17 09:28:44 0 d-------- C:\Program Files\NCH Swift Sound
2007-08-17 09:28:44 0 d-------- C:\Program Files\MUSICMATCH
2007-08-17 09:28:43 0 d-------- C:\Program Files\MSN
2007-08-17 09:28:43 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-17 09:28:43 0 d-------- C:\Program Files\MpegDecoder012
2007-08-17 09:28:43 0 d-------- C:\Program Files\MP3 Player Utilities 3.68
2007-08-17 09:28:42 0 d-------- C:\Program Files\Mozilla Firefox
2007-08-17 09:28:33 0 d-------- C:\Program Files\Motorola
2007-08-17 09:28:33 0 d-------- C:\Program Files\Motorola Inc
2007-08-17 09:28:32 0 d-------- C:\Program Files\Modem Helper
2007-08-17 09:28:31 0 d-------- C:\Program Files\Microsoft Works
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Visual Studio
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-08-17 09:28:22 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-08-17 09:28:20 0 d-------- C:\Program Files\Microsoft Office
2007-08-17 09:27:45 0 d-------- C:\Program Files\microsoft frontpage
2007-08-17 09:27:44 0 d-------- C:\Program Files\McAfee
2007-08-17 09:27:44 0 d-------- C:\Program Files\LexmarkX63
2007-08-17 09:27:44 0 d-------- C:\Program Files\Learn2.com
2007-08-17 09:27:35 0 d-------- C:\Program Files\IrfanView
2007-08-17 09:27:35 0 d-------- C:\Program Files\iPod
2007-08-17 09:27:28 0 d-------- C:\Program Files\InterActual
2007-08-17 09:27:27 0 d-------- C:\Program Files\Intel
2007-08-17 09:27:24 0 d-------- C:\Program Files\GPL MPEG Decoder
2007-08-17 09:27:24 0 d-------- C:\Program Files\Google
2007-08-17 09:27:24 0 d-------- C:\Program Files\GameSpy Arcade
2007-08-17 09:27:20 0 d-------- C:\Program Files\EnglishOtto
2007-08-17 09:27:18 0 d-------- C:\Program Files\DivX
2007-08-17 09:27:17 0 d-------- C:\Program Files\Digital Line Detect
2007-08-17 09:27:17 0 d-------- C:\Program Files\Dell Support
2007-08-17 09:27:14 0 d-------- C:\Program Files\Dell
2007-08-17 09:27:08 0 d-------- C:\Program Files\CONEXANT
2007-08-17 09:27:08 0 d-------- C:\Program Files\Common Files\xing shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-17 09:26:59 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-08-17 09:26:58 0 d-------- C:\Program Files\Common Files\Real
2007-08-17 09:26:57 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-17 09:26:57 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-08-17 09:26:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-17 09:26:56 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-08-17 09:26:49 0 d-------- C:\Program Files\Common Files\Java
2007-08-17 09:26:49 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-17 09:26:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-17 09:26:34 0 d-------- C:\Program Files\Common Files\AOL
2007-08-17 09:26:33 0 d-------- C:\Program Files\Common Files\Ahead
2007-08-17 09:26:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-17 09:26:23 0 d-------- C:\Program Files\BAE
2007-08-17 09:26:23 0 d-------- C:\Program Files\Audacity
2007-08-17 09:26:22 0 d-------- C:\Program Files\Apple Software Update
2007-08-17 09:26:21 0 d-------- C:\Program Files\AoA DVD Copy
2007-08-17 09:26:06 0 d-------- C:\Program Files\AIM6
2007-08-17 09:26:02 0 d-------- C:\Program Files\Adobe
2007-08-06 16:30:15 66872 --a------ C:\Windows\system32\PnkBstrA.exe
2007-08-03 00:34:10 16789464 --a------ C:\Windows\system32\mrt.exe <Not Verified; Microsoft Corporation; Microsoft Windows Malicious Software Removal Tool>
2007-07-26 08:27:58 3325570 --a------ C:\Windows\system32\SBSP.dat
2007-07-26 08:27:58 11804 --a------ C:\Windows\system32\SBFC.dat
2007-07-26 08:27:34 194 --a------ C:\Windows\system32\SBRC.dat
2007-07-24 14:21:18 0 --a------ C:\Windows\system32\Biport
2007-07-23 12:43:23 11254 --a------ C:\Windows\system32\locate.com
2007-07-16 21:44:17 185952 --a------ C:\Windows\system32\rmoc3260.dll <Not Verified; RealNetworks, Inc.; Real Player(tm) ActiveX Control>
2007-07-16 21:44:05 3424 --a------ C:\Windows\mozver.dat
2007-07-16 21:44:00 5632 --a------ C:\Windows\system32\pndx5032.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit) 5.0 Beta 1>
2007-07-16 21:44:00 6656 --a------ C:\Windows\system32\pndx5016.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit) 5.0 Beta 1>
2007-07-16 21:43:59 278528 --a------ C:\Windows\system32\pncrt.dll <Not Verified; Real Networks, Inc; RealPlayer/RealServer>
2007-07-16 17:19:49 0 d-------- C:\Users\CaSP3R\AppData\Roaming\WinRAR
2007-07-13 09:30:48 107888 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-07-12 20:44:43 1024 --a------ C:\Users\CaSP3R\AppData\Roaming\WavCodec.wff
2007-07-06 13:15:00 2330624 --a------ C:\Windows\system32\nvwss.dll <Not Verified; NVIDIA Corporation; NVIDIA Workstation Server>
2007-07-06 13:15:00 1501184 --a------ C:\Windows\system32\nvwgf2um.dll <Not Verified; NVIDIA Corporation; NVIDIA D3D10 drivers>
2007-07-06 13:15:00 3518464 --a------ C:\Windows\system32\nvvitvs.dll <Not Verified; NVIDIA Corporation; NVIDIA Video and TV Server>
2007-07-06 13:15:00 356352 --a------ C:\Windows\system32\nvudisp.exe <Not Verified; NVIDIA Corporation; NVIDIA Corporation>
2007-07-06 13:15:00 86016 --a------ C:\Windows\system32\nvsvc.dll <Not Verified; NVIDIA Corporation; NVIDIA Driver Helper Service, Version 162.22>
2007-07-06 13:15:00 6922240 --a------ C:\Windows\system32\nvoglv32.dll <Not Verified; NVIDIA Corporation; NVIDIA Compatible OpenGL ICD>
2007-07-06 13:15:00 1142784 --a------ C:\Windows\system32\nvmobls.dll <Not Verified; NVIDIA Corporation; NVIDIA Mobile Server>
2007-07-06 13:15:00 81920 --a------ C:\Windows\system32\nvmctray.dll <Not Verified; NVIDIA Corporation; NVIDIA Media Center Library>
2007-07-06 13:15:00 188416 --a------ C:\Windows\system32\nvmccss.dll <Not Verified; NVIDIA Corporation; NVIDIA MCCS Server>
2007-07-06 13:15:00 45056 --a------ C:\Windows\system32\nvmccsrs.dll <Not Verified; NVIDIA Corporation; NVIDIA Display Properties Extension>
2007-07-06 13:15:00 229376 --a------ C:\Windows\system32\nvmccs.dll <Not Verified; NVIDIA Corporation; NVIDIA Display Properties Extension>
2007-07-06 13:15:00 3321856 --a------ C:\Windows\system32\nvgames.dll <Not Verified; NVIDIA Corporation; NVIDIA 3D Settings Server>
2007-07-06 13:15:00 6234112 --a------ C:\Windows\system32\nvdisps.dll <Not Verified; NVIDIA Corporation; NVIDIA Display Server>
2007-07-06 13:15:00 4788224 --a------ C:\Windows\system32\nvd3dum.dll <Not Verified; NVIDIA Corporation; NVIDIA Windows Vista WDDM driver>
2007-07-06 13:15:00 8466432 --a------ C:\Windows\system32\nvcpl.dll <Not Verified; NVIDIA Corporation; NVIDIA Compatible Windows 2000 Display driver, Version 162.22>
2007-07-06 13:15:00 147456 --a------ C:\Windows\system32\nvcolor.exe <Not Verified; NVIDIA Corporation; NVIDIA Compatible Windows 2000 Display driver, Version 162.22>
2007-07-06 13:15:00 37376 --a------ C:\Windows\system32\nvcod100.dll <Not Verified; NVIDIA Corporation; NVIDIA Corporation>
2007-07-06 13:15:00 37376 --a------ C:\Windows\system32\nvcod.dll <Not Verified; NVIDIA Corporation; NVIDIA Corporation>
2007-07-06 13:15:00 360448 --a------ C:\Windows\system32\nvapi.dll <Not Verified; NVIDIA Corporation; NVIDIA Windows drivers>
2007-07-06 13:15:00 521128 --a------ C:\Windows\system32\dpinst.exe <Not Verified; Microsoft Corporation; Driver Package Installer (DPInst)>
2007-07-02 15:41:16 524288 --a------ C:\Windows\system32\DivXsm.exe <Not Verified; DivX Inc.; DivX Inc. divxsm>
2007-07-02 15:41:13 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-02 15:41:11 183032 --a------ C:\Windows\system32\PxMas.dll <Not Verified; Sonic Solutions; Px Mastering Engine>
2007-07-02 15:41:11 72440 --a------ C:\Windows\system32\pxhpinst.exe <Not Verified; Sonic Solutions; >
2007-07-02 15:41:10 379640 --a------ C:\Windows\system32\PxWave.dll <Not Verified; Sonic Solutions; PxWave>
2007-07-02 15:41:10 1329912 --a------ C:\Windows\system32\pxsfs.dll <Not Verified; Sonic Solutions; Px Streaming Mastering Engine>
2007-07-02 15:41:10 118520 --a------ C:\Windows\system32\pxinsi64.exe <Not Verified; Sonic Solutions; >
2007-07-02 15:41:10 64760 --a------ C:\Windows\system32\pxinsa64.exe <Not Verified; Sonic Solutions; >
2007-07-02 15:41:10 502520 --a------ C:\Windows\system32\pxdrv.dll <Not Verified; Sonic Solutions; Px>
2007-07-02 15:41:10 116472 --a------ C:\Windows\system32\pxcpyi64.exe <Not Verified; Sonic Solutions; >
2007-07-02 15:41:10 64760 --a------ C:\Windows\system32\pxcpya64.exe <Not Verified; Sonic Solutions; >
2007-07-02 15:41:10 527096 --a------ C:\Windows\system32\Px.dll <Not Verified; Sonic Solutions; Px>
2007-07-02 15:41:09 39672 --a------ C:\Windows\system32\VXBLOCK.dll <Not Verified; Sonic Solutions; >
2007-07-02 15:41:09 129784 --a------ C:\Windows\system32\pxafs.dll <Not Verified; Sonic Solutions; PxAFS Dynamic Link Library>
2007-07-02 15:41:04 200704 --a------ C:\Windows\system32\ssldivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-07-02 15:41:04 1044480 --a------ C:\Windows\system32\libdivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-07-02 15:37:41 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-02 15:37:41 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-02 15:37:39 53248 --a------ C:\Windows\system32\dpuGUI10.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI10>
2007-07-02 15:37:38 57344 --a------ C:\Windows\system32\dpv11.dll <Not Verified; DivXNetworks; DivXNetworks dpv11>
2007-07-02 15:37:38 344064 --a------ C:\Windows\system32\dpus11.dll <Not Verified; DivXNetworks; DivXNetworks dpus11>
2007-07-02 15:37:38 593920 --a------ C:\Windows\system32\dpuGUI11.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI11>
2007-07-02 15:37:38 294912 --a------ C:\Windows\system32\dpu11.dll <Not Verified; DivXNetworks; DivXNetworks dpu11>
2007-07-02 15:37:38 294912 --a------ C:\Windows\system32\dpu10.dll <Not Verified; DivXNetworks; DivXNetworks dpu11>
2007-07-02 15:37:35 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-02 15:37:35 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:37:35 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:37:35 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-02 15:36:50 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-07-02 15:36:50 124472 --a------ C:\Windows\system32\DivXCodecUpdateChecker.exe <Not Verified; DivX, Inc.; DivX codec Update Checker>
2007-06-29 00:43:00 1626112 --a------ C:\Windows\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\Windows\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\Windows\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\Windows\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\Windows\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\Windows\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\Windows\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\Windows\system32\keystone.exe
2007-06-27 04:27:05 13824 --a------ C:\Windows\system32\ieudinit.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-06-20 19:16:08 48776 --a------ C:\Windows\system32\S32EVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>


-- End of Deckard's System Scanner: finished at 2007-08-28 17:59:53 ------------
Old 08-28-2007, 04:04 PM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,740
OS: 2000 Pro; XP Pro; XP Home


Re: Please Help!!![moved from vista]

Good job....LOL, victim of my own instructions....thanks. I see I had you untick Whitelisted entries.

This next bit will take some time. I'd like you to run this online scan, in the event we've missed any nasties, or they have dates of creation earlier than our tools have looked.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 08-28-2007, 06:09 PM   #20 (permalink)
Registered User
 
 
Join Date: Aug 2007
Posts: 21
OS: vista home premium


Re: Please Help!!![moved from vista]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 28, 2007 8:05:07 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/08/2007
Kaspersky Anti-Virus database records: 395351
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 124900
Number of viruses found: 5
Number of infected objects: 18
Number of suspicious objects: 2
Duration of the scan process: 01:42:42

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\20070828171254\backup\Users\CaSP3R\AppData\Local\Temp\Rar$EX04.970\backups\backup-20070828-082710-661.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped
C:\NTDETECT.COM Object is locked skipped
C:\ntldr Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20070828-175306.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.ilg Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\ProgramData\Microsoft\eHome\Recording\Recordings.xml Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat Object is locked skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2007-08-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\5DFA22AE.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\sndalrt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\sndcon.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\snddbg.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\sndfw.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\sndids.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\sndsys.log Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\UsrClass.dat{c50ad7ff-4cc2-11dc-8f3a-001676d83003}.TM.blf Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\UsrClass.dat{c50ad7ff-4cc2-11dc-8f3a-001676d83003}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\UsrClass.dat{c50ad7ff-4cc2-11dc-8f3a-001676d83003}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Temp\Low\~DFBC23.tmp Object is locked skipped
C:\Users\CaSP3R\AppData\Local\Temp\Low\~DFBC2E.tmp Object is locked skipped
C:\Users\CaSP3R\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\CaSP3R\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\CaSP3R\NTUSER.DAT Object is locked skipped
C:\Users\CaSP3R\ntuser.dat.LOG1 Object is locked skipped
C:\Users\CaSP3R\ntuser.dat.LOG2 Object is locked skipped
C:\Users\CaSP3R\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\CaSP3R\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\CaSP3R\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\catalogs\OfflineUpgradeStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineEnvStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineMigStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineUpgradeStore.dat Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\SchedLgU.Txt Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\default.LOG1 Object is locked skipped
C:\Windows\System32\config\default.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\abxgdcfw.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\amajxcbl.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\apjsfskm.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\cbcfeisb.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\cvhunihs.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\fovnectk.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\glgwxqef.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\glwqjmvq.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\gqlrabij.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\hmdxoqui.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\jjkkrdjj.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\klbfkmeh.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\lmomkmjh.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\sughqfat.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\upigxpdq.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\VundoFix Backups\wgxdtiap.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\_OTMoveIt\MovedFiles\Windows\system32\xvdcnolt.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

Scan process completed.






Logfile of HijackThis v1.99.1
Scan saved at 8:08:25 PM, on 8/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\CaSP3R\AppData\Local\Temp\Rar$EX00.803\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.811.com/saecs.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchProtection] C:\Program Files\Search Settings Protection\SearchSettingsProtection.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum