#1 (permalink)

Registered User
Join Date: Dec 2007
Posts: 3
OS: XP PRO SP2

just wanted to say thanks and..
Yesterday I went onto a porn site and infected myself with some kind of trojan desktop hijacker (I know... I am stupid as hell, rofl). Anyway, I started to get random messages from the net... you know, haha, the usual ****. I used HijackThis, and after a shutdown and switching on again a few seconds later, it looked like the PC was fine and the hijacker toolbar had disappeared. So I left home for work and came back at night and... haha, what a surprise: my desktop had a new look with that red warning pic or whatever, and I had 3 new shortcuts on the desktop: "error cleaner", "shield protector" or something like that. And I also had 30 Explorer pages with alerts and very nice girls, lol.

So in that moment I understood that HijackThis and SUPERAntiSpyware didn't do it, and under a heavy attack of random messages I surfed to your site and found the solution: http://www.techsupportforum.com/secu...ereferral.html

So I wanted to say thanks a lot for this great help and knowledge... I appreciate your help. Also, is it OK, or do I need to clean more? Right now the PC has been OK since the morning, and it's clean and runs great: no random messages and no toolbars, and I already switched off the PC and set System Restore back. The funny thing is that I used to give PC support and I am the one who attacked myself. I was about to format the PC and your help saved me this long process :)
#2 (permalink)

Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,646
OS: xp

Re: just wanted to say thanks and..
Hi piki
Please go through this process: Quote:
#3 (permalink)

Registered User
Join Date: Dec 2007
Posts: 3
OS: XP PRO SP2

Re: just wanted to say thanks and..
hi:)
Thanks for the reply. I followed the 5 steps and again... since the first clean I made (cleaning instructions I have found here), my PC works perfectly, but just to make sure, I went through these 5 steps and here are the logs:

* Just one little thing before: I have a big file that contains 600-700 viruses on my system. The folder name is "virus test", so do not panic when you see this folder name in the logs. It's a fake, and these virus files are meant to test antivirus software, so again... it's not active :)
* Also attached is the log of the Panda malware free scan.

And now... to the logs:
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=CROW2004 USERNAME=Administrator USERPROFILE=C:\Documents and Settings\Administrator windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf עדכון עבור Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" 3D Canvas --> MsiExec.exe /I{B4E9C7FF-2E85-4FDF-AC78-3D2DC7EF278E} 3D Canvas Upgrade --> MsiExec.exe /I{892E1BF8-A1CD-4825-8AF1-1B73CB387692} AccessDiver v4.402 --> "C:\Program Files\Accessdiver\unins000.exe" Adobe Acrobat 8 Professional - English, Franחais, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe" ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall 
C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Azureus --> E:\programs\Azureus\Azureus\Uninstall.exe Cakewalk VST Adapter 4 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG Canon MP Drivers 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}\Setup.exe" -l0x9 -Uninstall Canon MP Navigator 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8653730A-683D-4C42-BB18-6471291D5DEA}\setup.exe" /SUUninstall Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini Delta --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9 DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2 Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" GameStudio / A7 --> MsiExec.exe /X{9E254561-0F60-4BA0-9276-ECAB61A6F11D} High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 1.99.1 --> C:\Documents and Settings\Administrator\שולחן העבודה\HijackThis.exe /uninstall Intel(R) PRO Network Connections 11.2.0.69 --> MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1 InterVideo DeviceService --> MsiExec.exe 
/I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0} Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} K-Lite Codec Pack 3.4.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" LightWave 3D 9 --> C:\WINDOWS\LightWave 3D 9 Uninstaller.exe LightWave 3D 9 Web Help --> C:\WINDOWS\LightWave 3D 9 Web Help Uninstaller.exe Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Multimedia Fusion 2 --> C:\Program Files\Multimedia Fusion 2\UninstMMF2.exe Nero 7 Premium --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} Radish Works Cosmos Creator --> MsiExec.exe /I{5A36B6A8-6AAD-43BA-A99A-8BEC51AC743D} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Rhapsody 
Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} SONAR 4 Producer Edition --> C:\PROGRA~1\Cakewalk\SONAR4~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONAR4~1\INSTALL.LOG SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Steinberg Cubase SX 3 --> "C:\Program Files\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SX 3\install.log" Steinberg Cubase SX v2.2.0.33 --> C:\PROGRA~1\STEINB~1\CUBASE~2\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~2\INSTALL.LOG Steinberg Cubase SX v3.1.1.944 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG Steinberg WaveLab 5.01b --> C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Svetlograd --> C:\PROGRA~1\GAMEHO~1\SVETLO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SVETLO~1\INSTALL.LOG Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe Tablet --> C:\Program Files\Tablet\Remove.exe /u Toon Boom Studio 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62616A4E-82E4-424A-A201-3D29ABB6B7FD}\setup.exe" -l0x9 UNINSTALL -removeonly Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409 VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program 
Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type581 / Warning Event Submitted/Written: 12/15/2007 07:00:36 PM Event ID/Source: 60 / WinMgmt Event Description: ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001 Event Record #/Type572 / Warning Event Submitted/Written: 12/13/2007 02:52:25 PM Event ID/Source: 60 / WinMgmt Event Description: ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001 Event Record #/Type562 / Warning Event Submitted/Written: 12/09/2007 05:43:38 PM Event ID/Source: 60 / WinMgmt Event Description: ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001 Event Record #/Type553 / Error Event Submitted/Written: 12/08/2007 07:44:30 PM Event ID/Source: 1002 / Application Hang Event Description: יישום לא מגיב IEXPLORE.EXE, גירסה 6.0.2900.2180, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Event Record #/Type552 / Error Event Submitted/Written: 12/08/2007 07:44:28 PM Event ID/Source: 1002 / Application Hang Event Description: יישום לא מגיב IEXPLORE.EXE, גירסה 6.0.2900.2180, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type4150 / Warning Event Submitted/Written: 12/16/2007 08:36:25 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type4030 / Warning Event Submitted/Written: 12/15/2007 01:34:15 PM Event ID/Source: 3019 / MRxSmb Event Description: The redirector failed to determine the connection type. 
Event Record #/Type4029 / Warning Event Submitted/Written: 12/15/2007 03:03:56 AM Event ID/Source: 3019 / MRxSmb Event Description: The redirector failed to determine the connection type. Event Record #/Type4028 / Warning Event Submitted/Written: 12/15/2007 03:03:46 AM Event ID/Source: 3019 / MRxSmb Event Description: The redirector failed to determine the connection type. Event Record #/Type4027 / Warning Event Submitted/Written: 12/15/2007 03:03:38 AM Event ID/Source: 3019 / MRxSmb Event Description: The redirector failed to determine the connection type. -- End of Deckard's System Scanner: finished at 2007-12-16 17:05:24 ------------ |
#4 (permalink) |
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,646
OS: xp
Re: just wanted to say thanks and..
I see you recently ran SmitFraudFix. Good that you did. Delete it; if it is ever needed again you would have to re-download it.

Looking OK except for your cracks and keygens. In my opinion none are safe.

Virus:Generic Trojan Not disinfected F:\bin-cue\game maker 7 with crack.rar[Crack\GM70_DrXJ.exe][DrXJ.exe]

etc. etc. etc. etc.